信息系统审计的理论架构—论其学科归属与基于风险审计理论的操作流程

发布时间：2018-10-05 21:08

【摘要】：信息系统审计(ISA)是专业审计人员根据审计标准，针对信息系统的安全性、可靠性和有效性实施独立审计并发表意见，向IS对象的最高领导层提出一系列建议的管理活动。在信息技术高速发展，人们广泛依赖于信息系统的今天，开展信息系统审计显得尤为重要。国外对ISA的研究起源于20世纪60年代，从最初的电子数据处理审计发展为计算机审计，，再发展为现在的ISA，经历了几十年的发展历史，已经取得了相当的成果。国际信息系统审计与控制协会(ISACA)的成立推动了对这一领域的研究，该协会不但制定了全球范围内适用的ISA标准、执业指南，其IT管理机构制定了全球范围通用的IT控制标准(COBIT，Control Objectives for Information and Related Technology)，该协会还在全球100多个国家成立了180多个分会，推行注册信息系统审计师(CISA)资格考试，为ISA的发展作出了巨大贡献。目前美国、印度、日本、加拿大、英国等国的ISA都发展相当迅速。我国对ISA的研究刚刚起步，目前还处于推介阶段，对ISA的研究相当浅簿。特别是国内存在着将ISA同计算机辅助审计(CAA，Computer Asisted Audit)混为一谈的现象；也有人认为ISA应是纯技术性的东西，不应归为审计范畴；还有人认为ISA可由信息工程监理IPS(Information Projects Supervisal)代替。在这样的背景下，作者欲在ISA这一新兴事物在国内的发展初期，对其概念、特征、对象、内容、方法等诸方面作一分析，肃清其性质，以利于其发展。通过对ISA与传统审计、CAA、IPS等的比较分析，得出ISA是审计发展的新阶段，它扩大了审计的对象内涵，ISA的出现将推动审计学科同会计学科的分离，ISA不能由信息系统监理代替。同时，IS环境也促进了风险理论的发展，IS风险同经营风险、财务风险和控制风险一样属于企业的非系统风险，IS风险还会影响审计风险与ISA风险。论文通过对风险理论的分析，在审计框架的基础上提出了基于风险理论的ISA流程。
[Abstract]:Information system Audit (ISA) is a kind of management activity that professional auditors carry out independent audit and express opinions on the security, reliability and effectiveness of information system according to auditing standards, and put forward a series of suggestions to the top leadership of IS objects. With the rapid development of information technology and the extensive reliance on information system, it is very important to carry out information system audit. The research on ISA in foreign countries originated in the 1960s, from the initial electronic data processing audit to the computer audit, and then to the current ISA, has experienced decades of development history, has achieved considerable results. The establishment of the International Information Systems Audit and Control Association (ISACA) has promoted research in this field. The Association has not only developed the ISA standards and practice guidelines applicable worldwide, Its IT governing body has developed universal IT control standards worldwide (COBIT,Control Objectives for Information and Related Technology), which also has more than 180 chapters in more than 100 countries around the world, runs the (CISA) qualification Test for Certified Information Systems auditors, It has made great contribution to the development of ISA. At present, the ISA of the United States, India, Japan, Canada, Britain and other countries are developing quite rapidly. The research on ISA in our country is just beginning, and it is still in the stage of introduction. The research on ISA is quite shallow. In particular, there is a phenomenon that ISA is confused with computer-aided audit (CAA,Computer Asisted Audit) in China; some people think that ISA should be purely technical and should not be classified as audit; others think that ISA can be replaced by information engineering supervision IPS (Information Projects Supervisal). Under this background, the author intends to analyze the concept, characteristics, objects, contents and methods of ISA in the early stage of its development in China, so as to eliminate its properties and facilitate its development. Based on the comparative analysis of ISA and CAA IPS, it is concluded that ISA is a new stage of audit development, and the appearance of ISA will promote the separation of audit discipline from accounting discipline. It can not be replaced by information system supervision. At the same time, the environment of is has also promoted the development of risk theory. Financial risk and control risk belong to the non-system risk of the enterprise as well as the non-system risk. It will also affect the audit risk and the ISA risk. Based on the analysis of risk theory, the ISA process based on risk theory is proposed in this paper.
【学位授予单位】：重庆大学
【学位级别】：硕士
【学位授予年份】：2004
【分类号】：F239

【引证文献】