基于IT治理的企业IT风险管理框架的研究-会计学专业论文.docxVIP

企业对IT的依赖性越来越强，却没有太多合理的IT风险管理框架来为信息 企业对IT的依赖性越来越强，却没有太多合理的IT风险管理框架来为信息 化过程保驾护航，这导致了不断增长的对风险管理框架的需求。本文研究的目的 在于为于信息化成熟度较高的企业建立一个针对信息技术部门的风险管理框架。 本文研究的另一个重要内容在于收集和整合IT风险管理的需求，并将其融 成一个系统的整体。 本文的第一章介绍了风险管理框架产生的背景、必要性，同时也概述了IT 治理的一些概念。第二章则从国内国外两个方面介绍了风险管理框架的需求，主 要侧重于规则需求方面。第三章介绍了国际流行的控制框架和标准。第四章从对 比和综合两个角度深入的对各个内部控制框架进行了分析。随后在此基础上第五 章构建了新的风险管理框架并对其进行了分析，同时提出了实施的办法。文章的 第六章在最后通过一个政务软件的案例来看在新框架的指导下对组织的IT技术 内部控制审计有哪些启示。最后是结论。 关键字：JT治理；内部控制；风险管理框架 CONSTRUCT CONSTRUCT 1 0N OF AN l T R l SK FRAMEWORK BASED 0N I T GOVERNMENT Abstract In recent years，there have emerged many scandals in the world such as the bankrupt of Enron．the fmancial abuses of the WbrldCom and the cheats on several listed companies in China as well，which make the whole world focus on many facts on financial report．As a result of the bad effect of the scandals and the pressure of the congress of United States．the Sarbanes．Oxley Act of 2002、糯enacted on July 30． 2002．Then the SEC and NYSE promulgated the rules and the restrictions one after another,which cause deep influences on corporation governance and internal contr01． Bill 302 of the bill asks CEO and CFO for their internal control systems reports． and it also need the signature in the financial statements submitted to the SEC—as a guarantee。therefore。this law will force senior executives to ensure that the corporation’s internal contr01 system to be appropriate．while Bill 404 requires companies to：(1)Presentation of management to establish and maintain adequate intemal controls and financial reporting responsibilities；(2)at the end of the fmancial veaL listed companies make effects assessment on the intemal control structure and financial reporting procedures．It’s the first time that NYSE requires all listed companies must register with the internal audit function． In 1 994，revised COSO Report was bom，which is also referred to the image of the internal control”Bible．”September 2004．COSO proposed a”corporate risk management．the overall framework,”It is not