基于ERM的企业IS内部控制要素构建及思考

Based on ERM the Factor Construction of Enterprise IS Internal Control

传统企业内部控制已经不适应信息时代的要求,现代内部控制已从封闭走向开放,从僵化走向灵活、动态。及时识别与评估IT过程的相关风险,分析其产生的原因,完善信息系统内部控制体系,是IS内部控制的关键。本文拟通过ERM框架与COBIT框架的比较,将ERM理念灌输到IT管理实践,以实现标准之间的融合与对接。

The traditional enterprise internal control already did not adapt the information age request, the modern internal control moved towards the opening from the seal, moves towards from the ossification is nimble, is dynamic. Distinguishes promptly and appraised the IT process the related risk, analyzes the reason which it produces, the perfect information system internal control system, is the IS internal control key. This article plans through the ERM frame and the COBIT frame comparison, instills into the ERM idea to the IT management practice, realizes between the standard fusion and docking.