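With the widespread application of information technology, enterprises have had to change their traditional business models. Traditional manual operations can no longer meet an enterprise's basic needs, and the adoption of ERP systems has become a key factor in improving competitiveness. More and more operating procedures must be run through information systems, and the importance of information technology (IT) has risen from routine data processing to an important tool for carrying out strategy. As business processes and information systems change, a company's existing internal control activities are affected as well. In the past, auditors confirmed the reasonableness of financial statements by evaluating the paper documents of transactions. As enterprises come to rely heavily on IT systems, transaction processing no longer leaves a paper trail, so the audit trail and the internal control structure have changed substantially. It is difficult for internal auditors to conduct audits by traditional manual means, so they need the assistance of computer-assisted audit techniques. In recent years, computer fraud cases have become common, and the methods used are tampering with system input data and tampering with system programs. Tampering with system input data means that the data is altered before or during input in order to commit fraud; tampering with system programs means committing fraud by having the system execute altered programs. These methods are often hard to detect, so risk management of system changes becomes an indispensable element of the security controls for enterprise information systems. This study uses the COBIT5 framework, the most widely used framework in IT governance, to audit enterprise information system change management and the assurance of system security. Through the development and use of a continuous auditing system, a company can effectively strengthen the efficiency and quality of its internal audit, reduce the operational risk of its information systems, improve its information security environment, and in turn raise its IT governance capability.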
Due to the increasing demand for applying information technology today, enterprises must change their existing business models, since traditional manual work can no longer meet their basic needs. The implementation of Enterprise Resource Planning (ERP) has therefore become a key factor in enhancing a company's competitive advantage. More and more operating procedures need to be integrated with information systems, which shows that Information Technology (IT) has become an important tool for companies to achieve their strategic goals. As a result, companies' existing internal control activities are affected by the changes in their operating procedures and information systems. In the past, auditors verified the reasonableness of financial statements by evaluating transaction documents. As companies use information technology systems more heavily, auditors find it difficult to examine transaction documents manually, because those documents are now digital rather than on paper. We therefore suggest that auditors work with computer-assisted audit techniques (CAATs) to handle these changes. The number of computer fraud crimes has been increasing in recent years. Some people commit these crimes by tampering with system data and programs. Tampering with system data means changing the data before or during the input process; tampering with system programs means running programs that have already been tampered with. These methods are hard to detect, so a change management system for risk management is indispensable to protecting firms' information systems. In this research, we use COBIT5, which is widely used in IT management, for corporate information system change management and for assuring system security management.
By developing and using a continuous audit system, we can improve the efficiency and quality of companies' internal audits and decrease the operational risk of IT. Moreover, this research can improve companies' information security environment and further improve their IT governance ability.