

Research on Enterprise Informatization Risk Management Based on COSO & COBIT

【Author】 靳思思

【Supervisor】 陈旭

【Author information】 重庆理工大学 (Chongqing University of Technology), Accounting, 2010, Master's thesis


【Abstract (Chinese, translated)】 Enterprise informatization can bring a qualitative leap in the quality of enterprise management and in operating performance, and more and more enterprises recognize that informatization is a way to gain a comparative competitive advantage. Informatization is, however, accompanied by enormous risks; if the risks that come with it are ignored or left unchecked, they will inevitably cause the enterprise great losses. Enterprises therefore need to approach informatization, with its high risk and high failure rate, rationally rather than on the basis of experience alone. Because informatization is one of an enterprise's sustainable-development strategies, the governance of informatization risk must be raised to the level of enterprise-wide risk governance. After reviewing a large body of literature, the author found little theoretical research on enterprise informatization governance from the perspective of risk. In practice, most enterprise informatization in China is project-driven rather than goal-driven and lacks long-term strategic planning, and Chinese theoretical research and practical exploration of enterprise informatization risk control are still at an early stage. In 2004 the Committee of Sponsoring Organizations of the Treadway Commission (COSO) formally released Enterprise Risk Management - Integrated Framework (ERMF); the framework incorporates the internal control framework and lets enterprises move toward a more comprehensive risk management process. Control Objectives for Information and related Technology (COBIT), on the other hand, is the IT governance framework most widely adopted internationally; it gives enterprise informatization an authoritative, globally accepted standard whose aims include standardizing and improving IT governance, effectively preventing and controlling risk, and increasing the value delivered by information technology. Building on a survey of domestic and international research on enterprise risk control, this thesis takes financial risk as its perspective and COSO's ERMF together with COBIT as its theoretical platform. Using the 34 IT processes in COBIT's four domains, with their detailed control objectives, and the eight interrelated components of enterprise risk management defined in ERMF, it constructs an enterprise informatization risk control model and analyses the effect of informatization on an enterprise's financial risk. Next, on the basis of this theoretical work, the resulting ERMF/COBIT risk control model is applied in an "ERMF & COBIT-based risk analysis support system". Finally, the results of the theoretical and practical research are summarized.

【Abstract】 Enterprise informatization brings a qualitative leap in the quality of enterprise management and in economic performance, and more and more enterprises believe that informatization is the way to obtain a comparative competitive advantage. The informatization process is, however, accompanied by huge risks; if those risks are neglected or left unchecked, they will bring great losses. People therefore need to face the enterprise informatization process, with its high risk and high failure rate, rationally rather than empirically. A study of the abundant literature found that theoretical research on enterprise informatization from the angle of risk management has produced few results. In practice, most enterprise informatization in China is project-driven rather than goal-driven and lacks long-term strategic planning, and both theoretical study and practice of enterprise informatization risk control in China are still at an initial stage. In 2004 the Committee of Sponsoring Organizations of the Treadway Commission (COSO; the Treadway Commission is the National Commission on Fraudulent Financial Reporting) officially released the Enterprise Risk Management - Integrated Framework (ERMF). The framework incorporates the internal control framework and helps enterprises move to a more comprehensive risk management process. On the other hand, Control Objectives for Information and related Technology (COBIT) is the IT governance framework now most widely used internationally; it provides an authoritative and universally accepted set of standards for enterprise informatization, whose purpose is to regulate and improve IT governance, prevent and control risk effectively, and increase the value of information technology. Based on a summary of domestic and international research on enterprise risk control, and taking financial risk as its perspective and ERMF and COBIT as its theoretical platform, this thesis uses the 34 IT processes of COBIT's four domains with their detailed control objectives, together with the eight interrelated components of enterprise risk management described in ERMF, to construct an enterprise informatization risk control model and to analyse the impact of informatization on financial risk. Secondly, on the basis of this theoretical research, the ERMF and COBIT risk control model is applied in an "ERMF & COBIT-based risk analysis support system". Finally, the results of the theoretical study and the practical research are summarized.

【Keywords】 enterprise informatization; COBIT; ERMF; risk control

