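The rapid development of mobile payment as an emerging technology brings enterprises opportunities for growth but also carries risks, and it has raised concerns from all quarters about its security. This study starts by exploring the threats and risks in the application of mobile payment, and goes on to develop a mechanism for enterprise risk management and auditing in a mobile payment environment, to ensure that an organization's risk controls are well designed and effectively executed. The research strategy adopts Gowin's Vee model: through literature review and Delphi expert questionnaires, it constructs and revises the "risk factors for enterprises in a mobile payment environment" and the "internal control audit items in a mobile payment environment", arriving at 86 risk factors and 158 audit items. The 8 categories of enterprise cross-risk serve as the classification framework for the risk factors, and the study further identifies how the audit items map to the risk categories, which makes it possible to check whether the internal controls have the opportunity to address that type of mobile payment risk. Finally, a mobile payment risk management and audit manual is developed. The checklist in the manual, supplemented by the CMMI model, lets an enterprise self-assess whether the risks in its mobile payment environment are effectively managed by related internal controls, and at the same time identify and improve the weak points in its internal controls and risk management. The mechanism is subsequently verified in practice through a case study. The interviews not only revealed the risk internal control and audit practices the case company adopted in response to mobile payment, but also further verified the feasibility of applying this mechanism in the case company's practice.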
This study starts by exploring mobile payment risks and then develops a risk management and auditing mechanism for organizations in a mobile payment environment, to ensure that an organization’s risk controls are well designed and effectively implemented. Gowin’s Vee model is adopted as the research strategy. Through literature review and the Delphi expert questionnaire, this study constructs and revises a number of risk factors and audit items for the mobile payment environment, for a total of 86 risk factors and 158 audit items. The risk factors are then classified according to the cross-risk of enterprise from the Research Central of Economics, and the audit items are mapped to the corresponding risk categories. This shows whether the internal controls have the opportunity to resolve each type of mobile payment risk. Finally, the study builds a manual of mobile payment risk management and audit. Using the checklist in the manual, together with the CMMI model, organizations can self-assess whether their risks have related internal controls that manage them effectively. Afterwards, these mechanisms are verified through a practical case. The interviews not only reveal the internal controls and audit approach adopted in response to mobile payment, but also show the feasibility of the mechanisms in practical use by the G digital enterprise of technology.