【摘要】：隨著信息技術(shù)的飛速發(fā)展,信息系統(tǒng)的應(yīng)用越來越廣泛,信息系統(tǒng)越來越顯示出它的優(yōu)越性與高效性。組織的許多事務(wù)或管理都通過信息系統(tǒng)進(jìn)行解決,大大節(jié)省了人力物力,減少了許多繁雜的重復(fù)勞動,從而提高了整個組織的運行效率。在信息系統(tǒng)及其應(yīng)用帶給人們方便、快捷、高效的同時,其安全、可靠和有效也成為社會十分關(guān)注的話題。同時,信息系統(tǒng)實施的失敗案例也是屢見不鮮,并不是所有的信息系統(tǒng)都能給企業(yè)帶來預(yù)期的效益。因此企業(yè)信息系統(tǒng)審計越來越被重視,如何對信息系統(tǒng)風(fēng)險進(jìn)行控制成為國內(nèi)外學(xué)者研究的重點。 國內(nèi)外一些學(xué)者和組織對企業(yè)信息化風(fēng)險控制的內(nèi)容和基本框架進(jìn)行了一定的研究,但尚未形成成熟的模型和方法,目前仍處于不斷的完善和發(fā)展中。我國的企業(yè)信息化多以項目為驅(qū)動,缺乏長遠(yuǎn)的戰(zhàn)略規(guī)劃,對企業(yè)信息化風(fēng)險控制的研究,還處于起步階段。 根據(jù)我國企業(yè)信息化的發(fā)展情況,結(jié)合國內(nèi)外相關(guān)研究的現(xiàn)狀,本文從審計的視角采用理論研究和實證研究、定量分析和定性分析、內(nèi)部控制與外部控制相結(jié)合的研究思路,借鑒國外信息化風(fēng)險控制的相關(guān)思想,構(gòu)建信息化風(fēng)險控制結(jié)構(gòu)模型。通過風(fēng)險控制的模型和方法的研究,使用定量與定性結(jié)合的評價方法,對信息化相關(guān)的企業(yè)核心風(fēng)險進(jìn)行優(yōu)先級排序,為企業(yè)信息系統(tǒng)審計提供依據(jù),有效實施信息化風(fēng)險控制,實現(xiàn)企業(yè)經(jīng)濟(jì)與社會效益。 本文在綜述國內(nèi)外信息化風(fēng)險控制相關(guān)理論、標(biāo)準(zhǔn)和最佳實踐的基礎(chǔ)上,將企業(yè)信息化風(fēng)險控制的理論框架以及信息化風(fēng)險控制實施過程作為研究重點,嘗試性地提出了企業(yè)信息化風(fēng)險治理的框架�？蚣艿娘L(fēng)險控制過程部分將企業(yè)信息化風(fēng)險控制定義為包括風(fēng)險識別、風(fēng)險分析與評價、風(fēng)險監(jiān)控三個過程要素相結(jié)合的動態(tài)過程。為保證風(fēng)險控制的有效順利實施,信息系統(tǒng)審計起著重要的作用,對審計如何參與此過程進(jìn)行了探討。論文最后結(jié)合企業(yè)信息化風(fēng)險控制案例,對本文提出的企業(yè)信息化風(fēng)險控制實施框架進(jìn)行了初步應(yīng)用。
[Abstract]:With the rapid development of information technology, the application of information system is becoming more and more extensive. Many of the affairs or management of the organization are solved through the information system, so that the manpower and material resources are greatly saved, and a plurality of complex repetitive labor is reduced, so that the operation efficiency of the whole organization is improved. The information system and its application bring convenience, rapidness and high efficiency to the people, and the safety, reliability and effectiveness of the information system are also a topic of great concern to the society. At the same time, the failure cases of information system implementation are also common, not all information systems can bring the expected benefits to the enterprise. Therefore, the audit of the enterprise information system is becoming more and more important, and how to control the risk of the information system becomes the focus of the research of the scholars at home and abroad. Some scholars and organizations at home and abroad have studied the content and basic framework of the enterprise's information risk control, but the mature models and methods have not yet been developed, and are still in the process of perfection and development. China's enterprise information is driven by the project, lack of long-term strategic planning, the research of the enterprise's information risk control, and the start-up step. According to the development of Chinese enterprise information, in combination with the present situation of domestic and foreign research, this paper adopts theoretical and empirical research, quantitative analysis and qualitative analysis, internal control and external control in the perspective of audit. To study the thought, draw on the relevant thought of the foreign information risk control, and construct the information risk control junction By studying the model and method of risk control, the method of quantitative and qualitative combination is used to rank the core risk of the enterprise related to the information, provide the basis for the enterprise information system audit, effectively implement the information risk control, and realize the enterprise economy and society Based on the review of the relevant theories, standards and best practices of the information risk control at home and abroad, the paper puts forward the theoretical framework of the enterprise's information risk control and the implementation of the information risk control as the focus of the research, and puts forward the enterprise information risk. The risk control process part of the framework defines the enterprise information risk control as the three process factors including risk identification, risk analysis and evaluation and risk monitoring The dynamic process of information system audit plays an important role in ensuring the effective and smooth implementation of risk control, and how to participate in the process Finally, the paper discusses the implementation framework of the enterprise information risk control based on the case of enterprise information risk control.
【學(xué)位授予單位】：昆明理工大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2008
【分類號】：F270.7;F239.4

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 葉明芷;淺談IT治理與信息化建設(shè)[J];北京聯(lián)合大學(xué)學(xué)報(自然科學(xué)版);2005年02期

2 湯宗健,梁革英;企業(yè)信息化風(fēng)險因素分析[J];改革與戰(zhàn)略;2004年05期

3 溫紹國,鄭小平,桂志強;信息技術(shù)外包的風(fēng)險及其控制[J];經(jīng)濟(jì)論壇;2005年16期

4 王英梅,劉增良,程湘云;信息系統(tǒng)風(fēng)險評估與管理的定量化方法研究[J];計算機工程與應(yīng)用;2005年22期

5 肖龍;方勇;戴宗坤;楊煒;蔡恒;;基于模糊神經(jīng)網(wǎng)絡(luò)的信息系統(tǒng)風(fēng)險分析[J];計算機應(yīng)用研究;2006年05期

6 唐毅;論企業(yè)信息化[J];科技與管理;2003年05期

7 丁建平;薛恒新;;IT審計與商業(yè)銀行信息系統(tǒng)風(fēng)險防范[J];現(xiàn)代金融;2005年12期

8 吳小萍,鄒華興;企業(yè)信息化建設(shè)風(fēng)險剖析[J];企業(yè)經(jīng)濟(jì);2005年02期

9 巫江;歐陽峰;;企業(yè)信息化的風(fēng)險管理探討[J];企業(yè)經(jīng)濟(jì);2006年02期

10 ;Progress in virtual enterprise risk controlling in a complicated information system[J];Science Foundation in China;2006年01期

相關(guān)碩士學(xué)位論文 前3條

1 陳慧勤;企業(yè)信息安全風(fēng)險管理的框架研究[D];同濟(jì)大學(xué);2006年

2 賈斌;企業(yè)信息安全風(fēng)險分析與控制[D];西北工業(yè)大學(xué);2006年

3 陳朝;我國信息化建設(shè)中信息系統(tǒng)審計問題研究[D];東北師范大學(xué);2006年

，

本文編號：2500912