检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
机构地区:[1]南京审计学院,211815
出 处:《审计研究》2011年第2期21-28,共8页Auditing Research
基 金:教育部2010年度人文社会科学研究规划项目"中观IS审计风险的COBIT式控制模式研究"课题;南京审计学院校级课题(项目号:NSK2009/B22)的阶段性研究成果
摘 要:近年来,中观信息系统在我国得到广泛应用,中观经济主体对信息系统审计(IS审计)的需求日益广泛。因中观IS审计的研究具有专业性、抽象性等特点,当前我国该方面的研究成果相对较少。基于多种因素考虑,本文认为,我国亟需构建一套成熟的中观IS审计及其风险管理理论体系,旨在对中观信息系统进行科学管理与有效控制。鉴于此,本文在研究中观审计、IS审计、审计风险、风险管理四要素的基础上,对中观IS审计风险管理理论加以梳理,并以信息安全管理为视角,借鉴国外BS7799标准、COBIT模型、通用准则CC、ITIL标准,初步构建了中观IS审计风险管理的框架,该框架以重大错报风险为切入点,深入探索了中观IS审计风险管理的施行思路。In recent years, the increasingly widespread application of meso-information system in China has triggered greater demands from meso-economic entities for this audit system. On the other hand, however, the complex and abstract nature of research in this field has curbed the satisfactory growth of studies both in number and quality. In view of this fact, this paper points out that there is an urgent need to establish a sound theory of meso-information systems audit risk management in order to ensure the scientific and efficient management of meso-information systems. Based on the four key elements of meso-information systems audit, IS audit, audit risk and risk management, this paper first examines the basic theory of meso-information systems audit risk management, and then tries to construct a theorectical framework for audit risk management of meso-information system referring to international norms like BS7799 criterion, COBIT model, CC norm and ITIL criterion. The proposed frame work is constructed from the perspective of material misstatement risk and aims to explore a set of practical measures for the risk management of meso-information systems.
关 键 词:中观审计 信息系统审计(IS审计) 风险管理 框架构建
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.231