网络审计的风险及对策研究
摘要
知识经济的到来,使整个社会经济生活都发生着深刻的变化。随着计算机技术和网络技术的迅速发展,IT技术被广泛应用于社会的各个领域,成为企业经营、社会发展的显著特征。IT技术的广泛应用给传统审计带来了巨大冲击,空前的挑战迫使审计模式变化,迫切需要有一个全新的审计模式和审计手段与之相适应。
本文就信息时代网络审计的产生、现阶段的应用状况、主要风险,以及网络审计所面临的挑战与发展对策进行了多角度的探讨。
首先,本文对网络审计的产生和特点进行了论述。网络审计的产生可归纳为外在因素和内在需求两方面,即信息技术的迅速发展和广泛应用迫切需要新型的审计手段、审计技术方法,传统审计手段在审计自身发展中显示出来的效率低下、审计范围狭小等缺点也促使向网络审计方向发展,由此可见,网络审计是信息时代的审计发展的必然趋势。
其次,本文对网络审计的要素和网络审计系统的一般构成进行了分析,对信息时代对各个审计要素的影响进行了思考,并分析了网络审计系统的构成和网络审计的技术实现一般方法。同时,对现阶段网络审计面临的主要问题进行了分析。
接着,本文对网络审计可能面临的风险进行了提示,对网络审计中系统、网络、非法入侵、人员操作等方面的风险进行了深度分析,对不同风险水平提出了不同应对措施。
最后,基于以上的分析,针对现阶段网络审计面临的挑战和风险,分审计理论、审计立法和审计准则、审计软件开发、系统风险控制、审计人员培训几方面提出了相应的对策,并提出:紧密依靠科技发展,在审计工作中采用先进的IT技术手段降低风险、提高效率;大力发展网络审计的更高阶段—联网持续审计,使得计算机辅助审计向持续、动态、实时进行监控和审计的方向发展,更充分、更有效地发挥审计的监督和服务作用。
As the arrival of knowledge economy era, the social and economic life is undergoing profound changes. With the rapid development of the computer and network technology, IT technology has been widely used in various fields of society, and becomes salient features of social and economic development. The extensive application of IT technology has huge impact on the traditional audit, and the unprecedented challenge force us to change the audit mode. It is urgent to produce a new audit model and corresponding method. In this paper, we address the emergence of the web-based audit, its application at this stage, the main risk, and the current challenges that web-based audit faces, as well as corresponding countermeasures in the information era from multiple perspectives.
First of all, this article discourse the emergence of web-based audit and its characteristics. The emergence of the web-based audit can be summarized as external factors and internal demand, namely, the rapid development of information technology and extensive application need new auditing measures, auditing techniques urgently. The low efficiency in the traditional audit methods and a narrow scope also boost the development of web-based audit. Consequently, web-based audit is considered to be the inevitable trend in the information era.
Secondly, this paper analyzes every element of the web-based audit and its impact in the information era. Then we consider about the general construction of web-based audit system, and the conventional method for technical implementation. In addition, the primal problem that web-based audit faces at this stage has been discussed.
Then, this article advises some potential risks that may happen in web-based audit. The analyses of the risks in system, network, illegal encroachment, as well as operator have been given, and some recommended countermeasure have been proposed.
Finally, we address the problems to auditing theory, audit legislation and rule, audit software development, risk control of the system, and audit personnel training based on the analysis above. Corresponding suggestions have several claims. Using advanced IT technology to reduce risk and improve efficiency. Web-based audit will step into a higher level- network continuous auditing, where the computer-assisted audit will be sustained, dynamic, real-time monitoring. And it will play the role of supervision and services effectively.
本文就信息时代网络审计的产生、现阶段的应用状况、主要风险,以及网络审计所面临的挑战与发展对策进行了多角度的探讨。
首先,本文对网络审计的产生和特点进行了论述。网络审计的产生可归纳为外在因素和内在需求两方面,即信息技术的迅速发展和广泛应用迫切需要新型的审计手段、审计技术方法,传统审计手段在审计自身发展中显示出来的效率低下、审计范围狭小等缺点也促使向网络审计方向发展,由此可见,网络审计是信息时代的审计发展的必然趋势。
其次,本文对网络审计的要素和网络审计系统的一般构成进行了分析,对信息时代对各个审计要素的影响进行了思考,并分析了网络审计系统的构成和网络审计的技术实现一般方法。同时,对现阶段网络审计面临的主要问题进行了分析。
接着,本文对网络审计可能面临的风险进行了提示,对网络审计中系统、网络、非法入侵、人员操作等方面的风险进行了深度分析,对不同风险水平提出了不同应对措施。
最后,基于以上的分析,针对现阶段网络审计面临的挑战和风险,分审计理论、审计立法和审计准则、审计软件开发、系统风险控制、审计人员培训几方面提出了相应的对策,并提出:紧密依靠科技发展,在审计工作中采用先进的IT技术手段降低风险、提高效率;大力发展网络审计的更高阶段—联网持续审计,使得计算机辅助审计向持续、动态、实时进行监控和审计的方向发展,更充分、更有效地发挥审计的监督和服务作用。
As the arrival of knowledge economy era, the social and economic life is undergoing profound changes. With the rapid development of the computer and network technology, IT technology has been widely used in various fields of society, and becomes salient features of social and economic development. The extensive application of IT technology has huge impact on the traditional audit, and the unprecedented challenge force us to change the audit mode. It is urgent to produce a new audit model and corresponding method. In this paper, we address the emergence of the web-based audit, its application at this stage, the main risk, and the current challenges that web-based audit faces, as well as corresponding countermeasures in the information era from multiple perspectives.
First of all, this article discourse the emergence of web-based audit and its characteristics. The emergence of the web-based audit can be summarized as external factors and internal demand, namely, the rapid development of information technology and extensive application need new auditing measures, auditing techniques urgently. The low efficiency in the traditional audit methods and a narrow scope also boost the development of web-based audit. Consequently, web-based audit is considered to be the inevitable trend in the information era.
Secondly, this paper analyzes every element of the web-based audit and its impact in the information era. Then we consider about the general construction of web-based audit system, and the conventional method for technical implementation. In addition, the primal problem that web-based audit faces at this stage has been discussed.
Then, this article advises some potential risks that may happen in web-based audit. The analyses of the risks in system, network, illegal encroachment, as well as operator have been given, and some recommended countermeasure have been proposed.
Finally, we address the problems to auditing theory, audit legislation and rule, audit software development, risk control of the system, and audit personnel training based on the analysis above. Corresponding suggestions have several claims. Using advanced IT technology to reduce risk and improve efficiency. Web-based audit will step into a higher level- network continuous auditing, where the computer-assisted audit will be sustained, dynamic, real-time monitoring. And it will play the role of supervision and services effectively.
引文
[1]李春莲、朱志勇.网络经济审计刍议.中国管理信息化(会计版),2007,(5):73-75
[2]中华人民共和国商务部.中国电子商务报告,2006-2007
[3]时小荣.未来审计发展的趋势――网络审计.财经界(下旬刊),2007,(4):22-25
[4]中国财经网.博科取得国内审计信息化建设的突破性进展,2008.1.17
[5]张菁.审计软件发展初探.审计与经济研究,2001,3:38-39
[6]蔡春.审计理论结构.东北财经大学出版社,2001.3
[7]张金城、陈伟.计算机辅助审计原理及应用.清华大学出版社,2008.6
[8]曾宪策.网络审计的创新和风险.中国审计,2003,(2):45-47
[9]董刚毅.网络审计的风险和控制.审计理论与实践,2002,(9):45-47
[10]李雪、熊杰.新技术下审计程序的创新.财会通讯,2001,(5):37-38
[11]文忤.关于网络审计的利弊探讨.现代商业,2007,(23):75-76
[12]滕丙果.我国网络审计存在的问题及对策研究.企业家天地,下半月刊(理论版),2007,(1):95
[13]段小法.网络审计若干问题探讨.财政监督,2007,(16):63-64
[14]李旭芳.网络信息审计系统中数据采集的研究与实现.计算机工程与设计,2007(3);550-552
[15]张玉英.论网络审计面临的问题及对策.商业会计,2007,(8):42-43
[16]王风华、李金克.网络审计风险的防范.中国管理信息化(会计版),2007,(3):72-73
[17]徐志华.网络审计安全的对策.科技资讯,2007,(4):164-164
[18]马宁.金审工程网络防病毒体系的构建.中国金融电脑,2007,(3):29-30
[19]张娟、廖洪.基于IT技术的连续审计(CA):综述与展望.审计研究(AuditResearch),2006,(5):79-84
[20]王爽.浅谈网络审计的风险及其防范.数码世界,2005,(13):27-28
[21]刘剑民、周咏梅.网络审计发展中的问题与建议.财会通讯(综合版),2005,(5):46-46
[22]苏运法、袁小勇、王海洪.计算机审计.首都经贸大学出版社,2005.1
[23]郑晓龙、林辛.浅议信息技术时代的网络审计.经济师,2004,(4):221-222
[24]潘立亚.互联网时代审计新概念-网络审计.经济师,2004,(3):229-229
[25]李金花.论电子商务时代的网络审计.河南商业高等专科学校学报,2003,(6):77-79
[26]毛久智、董振喜.论网络时代审计模式的创新.河北56建筑科技学院学报,2003,(4):78-80
[27]谢荣.论审计风险的产生原因、模式演变和控制措施.审计研究,2003,(4):24-29
[28]邵俊波.论审计风险的管理与控制概念.审计理论与实践,2003,(1):23-25
[29]夏敏.网络审计的重要性与可行性分析.审计天地,2003,(10):33-36
[30]王海琳.试论会计网络化系统的安全风险和对审计的影响.审计研究,2003,(1):44-46
[31]汪佑民.对电子商务环境下网络审计的探讨.湖北财经高等专科学校学报,2002,(4):46-48
[32]姜灵敏.网络会计安全问题研究.西南财经大学出版社,2002
[33] Alexander Kogan、Ephraim F.Sudit、Miklos A. Vasarhelyi.[美]卢特戈斯大学.王立彦、代冰彬、高强等译.会计师互联网应用指南.北京大学出版社,2002.3
[34]陈方林.论网络化审计系统的功能设计及其风险防范.广东商学院学报,2001,(3)
[35]吕新民.论网络经济时代的网络审计.审计与经济研究,2001.4:20-22
[36]金光华.网络审计.上海立信会计出版社,2000
[37] Searcy, D.; Woodroof, J.; Behn, B.,Continuous audit: the motivations, benefits, problems, and challenges identified by partners of a Big 4 accounting firm,System Sciences, 6-9 Jan 2003,pp.10
[38] She-I Chang;Chih-Fong Tsai;Dong-Her Shih;Chia-Ling Hwang,The development of audit detection risk assessment system: Using the fuzzy theory and audit risk model, Expert Systems with Applications: An International Journal Vol.35, No.3,Oct. 2008,pp.1053-1067
[39] Charles Ling-yu Chou;Timon Du;Vincent S. Lai,Continuous auditing with a multi-agent system, Decision Support Systems,Vol.42,No.4,Jan. 2007,pp.2274 - 2292
[40] PZheng Lin;PJing Wu,Research on audit informatization under the environmentof e-business,Proceedings of the 7th international conference on Electronic commerce,Aug. 2005,pp.34 - 36
[41] Yacov Yacobi,Risk Management for E-Cash Systems with Partial Real-Time Audit,Netnomics,Vol.3,No.2,Sep. 2001,pp.119 - 127
[42] Cristina Buchholz, The impact of web services on audit , Integrity and internal control in information systems V,Jan. 2003,pp.151 - 172
[43] James G. Vincent,Internal audit: A user of computer-based information systems,Proceedings of the 17th annual computer personnel research conference, Vol.42,No.4,Jun. 1980,pp.41 - 62
[44] Anna Carlin;Frederick Gallegos,IT Audit: A Critical Business Process ,Computer ,Vol.40,No.7,Jul. 2007,pp.87 - 89
[45] Sikka Prem; Filling Steven; Liew Pik, The audit crunch: reforming auditing, Managerial Auditing Journal. Vol. 24, No. 2, 2009, pp. 135-155
[46] Hatherly David J.,Travelling audit's fault lines: a new architecture for auditing standards, Managerial Auditing Journal, Vol. 24, No. 2, 2009, pp. 204-215
[47] Karnet Igor; Rajkovic Vladislav, Computer-supported Model for Auditors' Performance aluation, Organizacija / Journal of Management, Informatics and Human Resources, Vol. 42, No. 6, Nov.-Dec. 2008, pp. A262-A271
[48] Holm C (Holm, Claus) ; Laursen PB (Laursen, Peter Birkholm), Risk and control developments in corporate governance: changing the role of the external auditor? CORPORATE GOVERNANCE-AN INTERNATIONAL REVIEW,Vol.15, No.2, Mar. 2007, pp.322-333
[49] Davis JT; Massey AP; Lovell RER, Supporting a complex audit judgment task: An expert network approach, EUROPEAN JOURNAL OF OPERATIONAL RESEARCH, Vol.103 No.2, Dec.1997,pp.350-372
[50] Ohta Y (Ohta, Yasuhiro), The role of audit evidence in a strategic audit, JOURNAL OF ACCOUNTING AND PUBLIC POLICY, Vol.28, No.1, Jan-Feb 2009,pp.58-67
[2]中华人民共和国商务部.中国电子商务报告,2006-2007
[3]时小荣.未来审计发展的趋势――网络审计.财经界(下旬刊),2007,(4):22-25
[4]中国财经网.博科取得国内审计信息化建设的突破性进展,2008.1.17
[5]张菁.审计软件发展初探.审计与经济研究,2001,3:38-39
[6]蔡春.审计理论结构.东北财经大学出版社,2001.3
[7]张金城、陈伟.计算机辅助审计原理及应用.清华大学出版社,2008.6
[8]曾宪策.网络审计的创新和风险.中国审计,2003,(2):45-47
[9]董刚毅.网络审计的风险和控制.审计理论与实践,2002,(9):45-47
[10]李雪、熊杰.新技术下审计程序的创新.财会通讯,2001,(5):37-38
[11]文忤.关于网络审计的利弊探讨.现代商业,2007,(23):75-76
[12]滕丙果.我国网络审计存在的问题及对策研究.企业家天地,下半月刊(理论版),2007,(1):95
[13]段小法.网络审计若干问题探讨.财政监督,2007,(16):63-64
[14]李旭芳.网络信息审计系统中数据采集的研究与实现.计算机工程与设计,2007(3);550-552
[15]张玉英.论网络审计面临的问题及对策.商业会计,2007,(8):42-43
[16]王风华、李金克.网络审计风险的防范.中国管理信息化(会计版),2007,(3):72-73
[17]徐志华.网络审计安全的对策.科技资讯,2007,(4):164-164
[18]马宁.金审工程网络防病毒体系的构建.中国金融电脑,2007,(3):29-30
[19]张娟、廖洪.基于IT技术的连续审计(CA):综述与展望.审计研究(AuditResearch),2006,(5):79-84
[20]王爽.浅谈网络审计的风险及其防范.数码世界,2005,(13):27-28
[21]刘剑民、周咏梅.网络审计发展中的问题与建议.财会通讯(综合版),2005,(5):46-46
[22]苏运法、袁小勇、王海洪.计算机审计.首都经贸大学出版社,2005.1
[23]郑晓龙、林辛.浅议信息技术时代的网络审计.经济师,2004,(4):221-222
[24]潘立亚.互联网时代审计新概念-网络审计.经济师,2004,(3):229-229
[25]李金花.论电子商务时代的网络审计.河南商业高等专科学校学报,2003,(6):77-79
[26]毛久智、董振喜.论网络时代审计模式的创新.河北56建筑科技学院学报,2003,(4):78-80
[27]谢荣.论审计风险的产生原因、模式演变和控制措施.审计研究,2003,(4):24-29
[28]邵俊波.论审计风险的管理与控制概念.审计理论与实践,2003,(1):23-25
[29]夏敏.网络审计的重要性与可行性分析.审计天地,2003,(10):33-36
[30]王海琳.试论会计网络化系统的安全风险和对审计的影响.审计研究,2003,(1):44-46
[31]汪佑民.对电子商务环境下网络审计的探讨.湖北财经高等专科学校学报,2002,(4):46-48
[32]姜灵敏.网络会计安全问题研究.西南财经大学出版社,2002
[33] Alexander Kogan、Ephraim F.Sudit、Miklos A. Vasarhelyi.[美]卢特戈斯大学.王立彦、代冰彬、高强等译.会计师互联网应用指南.北京大学出版社,2002.3
[34]陈方林.论网络化审计系统的功能设计及其风险防范.广东商学院学报,2001,(3)
[35]吕新民.论网络经济时代的网络审计.审计与经济研究,2001.4:20-22
[36]金光华.网络审计.上海立信会计出版社,2000
[37] Searcy, D.; Woodroof, J.; Behn, B.,Continuous audit: the motivations, benefits, problems, and challenges identified by partners of a Big 4 accounting firm,System Sciences, 6-9 Jan 2003,pp.10
[38] She-I Chang;Chih-Fong Tsai;Dong-Her Shih;Chia-Ling Hwang,The development of audit detection risk assessment system: Using the fuzzy theory and audit risk model, Expert Systems with Applications: An International Journal Vol.35, No.3,Oct. 2008,pp.1053-1067
[39] Charles Ling-yu Chou;Timon Du;Vincent S. Lai,Continuous auditing with a multi-agent system, Decision Support Systems,Vol.42,No.4,Jan. 2007,pp.2274 - 2292
[40] PZheng Lin;PJing Wu,Research on audit informatization under the environmentof e-business,Proceedings of the 7th international conference on Electronic commerce,Aug. 2005,pp.34 - 36
[41] Yacov Yacobi,Risk Management for E-Cash Systems with Partial Real-Time Audit,Netnomics,Vol.3,No.2,Sep. 2001,pp.119 - 127
[42] Cristina Buchholz, The impact of web services on audit , Integrity and internal control in information systems V,Jan. 2003,pp.151 - 172
[43] James G. Vincent,Internal audit: A user of computer-based information systems,Proceedings of the 17th annual computer personnel research conference, Vol.42,No.4,Jun. 1980,pp.41 - 62
[44] Anna Carlin;Frederick Gallegos,IT Audit: A Critical Business Process ,Computer ,Vol.40,No.7,Jul. 2007,pp.87 - 89
[45] Sikka Prem; Filling Steven; Liew Pik, The audit crunch: reforming auditing, Managerial Auditing Journal. Vol. 24, No. 2, 2009, pp. 135-155
[46] Hatherly David J.,Travelling audit's fault lines: a new architecture for auditing standards, Managerial Auditing Journal, Vol. 24, No. 2, 2009, pp. 204-215
[47] Karnet Igor; Rajkovic Vladislav, Computer-supported Model for Auditors' Performance aluation, Organizacija / Journal of Management, Informatics and Human Resources, Vol. 42, No. 6, Nov.-Dec. 2008, pp. A262-A271
[48] Holm C (Holm, Claus) ; Laursen PB (Laursen, Peter Birkholm), Risk and control developments in corporate governance: changing the role of the external auditor? CORPORATE GOVERNANCE-AN INTERNATIONAL REVIEW,Vol.15, No.2, Mar. 2007, pp.322-333
[49] Davis JT; Massey AP; Lovell RER, Supporting a complex audit judgment task: An expert network approach, EUROPEAN JOURNAL OF OPERATIONAL RESEARCH, Vol.103 No.2, Dec.1997,pp.350-372
[50] Ohta Y (Ohta, Yasuhiro), The role of audit evidence in a strategic audit, JOURNAL OF ACCOUNTING AND PUBLIC POLICY, Vol.28, No.1, Jan-Feb 2009,pp.58-67