- 學位論文
物聯網環境下企業風險與稽核機制之研究
A Study of Enterprise Risk and Auditing Mechanism for Internet of Things (IoT) Environments
摘要
隨著資訊與通信科技(Information and Communication Technology, ICT)應用蓬勃發展,物聯網(Internet of Things, IoT)賦予物件智慧並擁有與其他物件或人溝通的能力;換言之,網際網路不只是人與人的溝通管道,更是聯繫全球物與物、人與物的橋樑。物聯網的環境下,智慧裝置自動地產生資訊並且蒐集資訊,促進了巨量資料(Big Data)處理、分析及應用。當物聯網透過有線網路、無線網路、藍芽、或雲端運算(Cloud Computing)傳輸大量的資料,衝擊著企業營運模式的轉變。日趨複雜的企業營運型態、資訊科技環境與日趨嚴謹的法規遵循要求,傳統以人工方式來處理組織日常營運作業已無法滿足企業的基本需求,企業投注資金發展資訊科技並以資訊科技取代人工作業,增強企業的競爭優勢。物聯網的環境下,給企業帶來便利與契機卻也產生風險,企業該信賴這個資訊科技環境嗎?本研究建構物聯網環境下企業風險與稽核機制,用以檢查與評估其現有物聯往相關之企業風險控管措施的執行狀況,以本研究對特定的風險類別議題內部控制有效性的評價,了解部門控制制度需要加強之處。 透過文獻探討與德爾菲專家問卷辨識出企業於物聯網環境下會遇到的問題及挑戰,列出企業於物聯網環境下風險因子;同時,亦在各個風險類別底下建構出COSO各個控制構面的物聯網環境下企業內部控制稽核要項,透過與風險類別的對應識別出這項內部控制稽核要項是有機會用來檢驗此類物聯網風險的相關控管情況,期作為物聯網環境下企業風險與稽核機制。最後,透過個案研究的方式,以驗證本研究產出之可行性,並根據受訪者提供之建議做修改成最終成果。透過本稽核機制來自我評估物聯網環境下之風險是否能夠有相關之內部控制有效管理風險,透過本研究之檢核表,並輔以CMMI能力成熟度模型來檢討自我內部控制落實的程度,檢視內部控制完整性及落實的情況。
並列摘要
With the advance and fast development of Information and Communication Technology (ICT), Internet of Things (IoT) has been given objects and things the ability to communicate with each other’s or people. In the other words, communications between people is not exclusive. It build a bridge between entities around the global and humans. Under IoT environment, the smart objects automatically collect data from the objects’ surroundings and facilitate enterprises to increase their ability to process, analysis and apply those massive data, also know as “Big Data.” IoT delivers massive data by wired networks, Wi-Fi, Bluetooth, or “Cloud.” It has make a great impact on enterprise’s business models or operating activities. Under this environment, the business is more complicated in operating. With rapid development of Information Technology (IT) and more stringent condition in the international standards, laws and regulations, the traditional way to run a business no longer meets the basic business requirements. Business invests IT and uses IT to assist daily operating. This IoT environment brings the convenience and opportunities to companies, but also has potential risk. How do companies trust the IT or IoT environment? This study discuss, develop and verify an effective and feasible audit mechanism to ensure enterprise have effective control those risk of IoT environment. The mechanism also provide internal controls and audit practice model. This study identify enterprise risks that include issues and challenges under the IoT environment through literature review and the Delphi expert questionnaire; simultaneously, this study also develops an auditing items for this environment under COSO framework. Use this auditing items to test or evaluate the risk whether has a good management or not. Finally, the auditing mechanism, verified the feasibility by using the case studies, in this research. With the interviewees' recommendations, the auditing mechanism can be modified. The internal auditor can check and evaluate whether the risks are under effective and efficient control in the IoT environment. Furthermore, the mechanism is used in conjunction with the concept of CMMI Capability Maturity Model to review the degree of internal control implementation and review whether the internal controls are integrity and fully implement.
參考文獻
被引用紀錄
延伸閱讀
- 張碩毅、張麗敏、萬貴然、廖展群(2019)。物聯網環境下企業風險管理與內部控制稽核機制之研究。電子商務學報,21(1),77-119。https://doi.org/10.6188/JEB.201906_21(1).0003
- 呂育賢、張碩毅、張麗敏(2018)。金融科技環境下銀行業風險管理因子與資訊治理稽核要項之探究。電腦稽核,(37),66-85。https://www.airitilibrary.com/Article/Detail?DocID=2073090X-201801-201803160015-201803160015-66-85
- 林文隆(2001)。網路銀行的風險管理與內部稽核。內部稽核,(36),25-32。https://doi.org/10.7100/IA.200107.0025
- 賴佳誼、黃追(2004)。銀行業作業風險管理與內部稽核之探討。內部稽核,(48),39-47。https://doi.org/10.7100/IA.200409.0039
- Tang, Y. H. (2020). An AHP-based Risk Assessment Model for Industrial IoT Platforms [master's thesis, National Chiao Tung University]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0030-0306202016402646