电脑审计的动态风险评价机制.pdfVIP

摘要 隨著資訊科技日新月異，利用電腦從事舞弊手法不斷翻新，偵防困 難。從事查核之審計人員對資訊安全如未加注防範，將造成極大風險。因 此本論文在現行審計人員身處於電腦審計環境中，嘗試在一般傳統財務報 表之查核風險模式導入資訊安全風險因素，建立符合資訊時代的動態查核 風險模式，使其契合現實科技環境；繼而從動態查核風險模式中推導出風 險評估模式，並運用質化與量化的風險分析方法建立風險分析模式，將會 計資訊系統可能遭受破壞者各種可能破壞及危害行為予以數值化，分析其 函數相互關聯性，尋找對會計資訊系統危害路徑。本論文係對電腦審計動 態風險評估做敘述與探索性研究，其目的在提供查核人員對於查核風險評 估及決策選擇參考，於危害路徑上強化審查措施。 本論文應用網路快捷便利性與即時性提出電子商務環境中之新型態 審計服務，以數位簽章理論建置依附審計角色之可追蹤電子付款模式 ，提 供連續性審計認證服務。並提出以群體數位簽章理論建置網路檢舉模式 ， 以間接性服務方式輔助審計作業，強化企業內部控制，糾舉不法並保障檢 舉人之隱私。藉以提高審計服務品質，降低審計風險 。 關鍵字 ：1.電腦審計、2.風險評估、3.資訊安全、4.危害路徑、5 盲目數 位簽章、6 群體數位簽章 -1- Abstract As information technology continuously advancing, the computer fraud related skills also keep on improving. There always are new ideas being developed by the attackers to break down security system so as to gain some sorts of profits. Especially, in the case of computer auditing, if the auditor is negligent of information security, the risks and danger suffered will be very considerable. This study is intent to deal with a particular, however important issue in which auditors work inside a computer auditing environment, and such an environment is of potential information security risks. We ’ve tried to introduce information security risk factors into a traditional financial report auditing risk model. In further, to construct a suitable dynamic auditing risk model to fulfill the requirements of current technology environment. Based on such a dynamic auditing risk model, a risk assessment model （REM ） can also be successfully developed . Such a REM can be done in terms of qualitative and quantitative risk analysis methodology. Any possible attack and fraud behavior relate to accounting system can therefo