【作者】 李瑛玫；

【导师】 姜振寰；

【作者基本信息】 哈尔滨工业大学 ， 技术经济及管理， 2008， 博士

【摘要】 随着信息技术和网络的迅速发展、各种经营管理和财务系统在市场经济主体中的不断应用,独立审计客体(统称被审计单位)的信息化趋势日趋增强。在被审计单位日渐全新的信息化环境下,具体审计目标发生扩展,审计对象空前加大,审计方法和手段也需要信息化,再加之与信息化环境相应的审计规范和其他法律法规的缺失,都使得信息化环境下独立审计风险因素变得更加复杂和难以确定。审计活动历来属于高风险的职业领域,这种高风险既来自于全社会对审计工作质量越来越高的厚望和要求,也来自于日益复杂化的审计工作环境。在信息化环境下,独立审计风险问题是注册会计师审计工作的核心问题,了解和控制独立审计风险也是注册会计师审计的必须首要解决的问题。本文以被审计单位日益信息化的内外部环境为背景,选择注册会计师审计这一视角,按照传统审计理论框架和现代风险管理理论的主要分析方法,对信息化环境下独立审计风险的来源、评估与控制等问题进行了全面系统地分析和论述。本文从信息化环境对独立审计风险的影响入手,首先界定了信息化环境下独立审计风险的概念与特征,并用经济学理论对审计风险的形成机理进行了分析,从理论角度阐述了审计风险的不可避免性和可能来源。由于审计目标决定审计风险的具体来源,本文就信息化环境下扩展的具体审计目标进行了详细解析,归纳了信息化环境下独立审计风险的特定来源,并在此基础上提出了“重大错误风险”的概念。在信息化环境下,独立审计重大错误风险的准确评估是审计风险控制的核心内容。根据风险的特征,本文综合运用层次分析法、熵权法和模糊综合评价法,构建了信息化环境下重大错误风险的评估模型,通过对该风险的量化评估,可以更加理性的确定和评价信息化环境下的审计风险。独立审计风险的评估仅仅是审计风险控制的前提,由于信息化环境下审计风险的空前复杂和难以把握,独立审计人员必须严格按照风险导向审计的职业要求,进行风险控制和完成审计工作。信息化环境下的风险导向审计模式与传统环境的现代风险导向审计模式不同,它以测试电子数据及信息系统的重大错误风险为核心,风险导向性更为复杂,本文将其命名为数据风险导向审计模式。通过实务中的案例全面阐释和分析了数据风险导向审计模式的主要工作流程、审计测试内容和风险控制方法,并在此基础上以重要性水平为标准设计了数据风险绩效考核指标。审计风险的控制过程也是审计的过程。注册会计师需要严格按照数据风险导向审计模式的要求执业,才能有效地分析、评估和控制信息化环境下的审计风险。为验证数据风险导向审计模式及重大错误风险评估模型,本文选择了信息化程度比较高的被审计单位“某证券公司”的资产负债损益审计事项作了实证。结果证明,本文提出的数据风险审计导向模式及风险评估模型,在审计实践中能够帮助注册会计师较为客观地确定风险水平和领域,促进其提高审计工作效率和工作质量,风险控制效果明显。更多还原

【Abstract】 With the rapid development of the information technology&network and the application of kinds of business, management and financial systems in the main bodies of market economy, the information trend in the audit objects (All are called the audited units) has enhanced gradually. With such a brandy-new information environment, the specific audit targets have increased, the audit objects are enlarged and methods and technique also involve IT. All these make the independent audit risk factors become even more complicated and difficult to determine with the lack of related law and audit criterion in the information environment. The audit profession is always the career with high risks. The risks not only come from the desire and requirement on high quality of audit from the whole society, but also come from the audited units with more and more degree informationization. The risks’problems are the critical difficulties for the CPAs, and comprehension and control the risks are the first jobs in the information environment for auditors.This dissertation analyzes and discusses problems of risks’source, assassment and control deeply in the information environment of the audited units from the angle of CPAs’view by using the theory frame of traditional audit and methods of the modern risk management.This paper begins with the analyzing the influence of information environment to the audit risks. And firstly it defines the concept and characteristics of audit risks in the environment and analyzes the mechanism of the risks’formation, which makes it clear that audit risks are unavoidable and where is the possible sourse from theory angle. Because the specific source of audit risks depends on the audit objectives, the next part of this paper is to analyze the audit specific objectives in detail and summarize the special sources of audit risks in the information environment. And then this paper puts forward the conception of“significant error risk”.In the information environment, the accurate assessment of independent audit significant error risk is the kernel audit job. This paper applies synthetically the AHP, entropy weight method and the fuzzy method to evaluate the significant error risk by developing the assessment model of significant error risk according to its characteristics. Using this assessment model can make the determining and assessment of the audit risks more objectively.But assessment of the audit risks is just the prerequisite of the risk control. Because the risks in the information environment is unprecedented complex and difficult to hold, independent auditors must control the audit risks and fulfill the job strictly by the guide of risk-based audit approach. The risk-based audit approach in the information environment is different from the traditional one because its key part is to detect the significant error lying in the electronic data and their information systems. So this approach is named“data-risk-based audit approach”. Next, the whole audit working flow, audit test contents and risk controlling methods are analyzed using the cases in audit practice. And the indicators of risk performance assessment are designed on basis of the materiality level. The audit process is also the risk control process. Only CPAs work strictly by this approach, can the audit risks be analyzed, assessed and controlled effectively.At last, one Securities Company with high degree information environment is chosen as empirical verification to test the data-based-risk approach and its risk assessment model. It concludes that they are effective in determining the level and areas of the risks and can promote the effective and efficiency of the audit.更多还原