信息系统结构控制审计框架研究

Research on Audit Framework of Information System Structure Control

本文在分析国外IT目标、IT过程和IT资源的信息系统过程控制审计框架基础上,依据系统控制理论关于执行、反馈和控制的结构性原理,分析信息系统承载业务的业务逻辑、业务流程、业务信息、业务处理、业务性能和业务部署等要素对信息系统各组成部分的影响。结合我国信息系统审计实践,研究并提出了依据信息系统审计目标,确定信息系统审计控制结构和控制点,检查和评价各类信息资源的完整性和控制有效性的信息系统结构控制审计三维框架,以及以管理控制为统领、应用控制为核心、网络控制为基础、安全控制为保障的四维结构控制及其审计重点,试图在过程控制审计框架基础上扩展构建结构控制审计框架,从而形成较为完整的信息系统控制审计框架。

According to system control theory＇s structure principle of execution, response and control , this paper analyses factors which influence information system components, such as business logic , business process, business information, business processing, service performance and service deployment beared by information system, based on a serious analysis of IT target, IT process and IT resource of foreign audit framework on information system process control. By combining domestic practice of information system audit , the paper based on audit target of in- formation system, provides a three-dimensional audit framework of information system structure control by ensuring structure and point of information system audit control, inspecting and evaluating integrity of information resource and control effectiveness. Also, it furnishs a four-dimensional structure control and its auditing emphasis with man- agement control as the coordination, application control at the core, network control as the basis and, security control as safeguards. Finally, on the foundation of audit framework of process control , the paper attempts to expand and establish structure control audit framework, thereby forming a better complete audit framework of information system control.