跳到主要內容

臺灣博碩士論文加值系統

(18.97.14.90) 您好!臺灣時間:2024/12/03 04:10
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

: 
twitterline
研究生:周彥儒
研究生(外文):Yen-ju Zhou
論文名稱:利用流程差異偵測機制建構輔助控制測試的電腦稽核軟體
論文名稱(外文):Developing a Computer-Assisted Audit Tool for Control Test - A Business Process Gap Detecting Mechanism
指導教授:黃士銘黃士銘引用關係
指導教授(外文):Shi-ming Huang
學位類別:碩士
校院名稱:國立中正大學
系所名稱:會計所
學門:商業及管理學門
學類:會計學類
論文種類:學術論文
論文出版年:2006
畢業學年度:94
語文別:英文
論文頁數:118
中文關鍵詞:資源與值相依分析資料庫記錄檔企業流程差異偵測機制電腦輔助稽核軟體
外文關鍵詞:Business Process Gap Detecting MechanismComputer-Assisted Audit Techniques and Tools (CADatabase LogResource and Value Dependence Method
相關次數:
  • 被引用被引用:1
  • 點閱點閱:803
  • 評分評分:
  • 下載下載:109
  • 收藏至我的研究室書目清單書目收藏:3
資訊系統因為其高效率及高效能的特性,已逐漸成為企業的骨幹架構。然而相對於傳統而言,電子的資料也較容易被竄改及破壞。因此對稽核人員來說,確保資訊系統如他們預期般被適當的控制、保護及運行已成為當下一個重要的課題。
對一個不了解資訊系統資料結構及資訊系統流程流的稽核人員而言,稽核資訊系統是相當困難的。因此稽核人員會利用各種電腦輔助稽核軟體(Computer-Assisted Audit Technologies and Tools, CAATTs)來彌補其有關資訊系統方面的知識。然而因為資訊系統的高度複雜性,除非電腦輔助稽核軟體與資訊系統緊密結合,電腦輔助稽核軟體很難針對資訊系統提供完整的控制測試。
資訊系統的控制測試在確保資訊系統流程流及內部控制流之間並不存在流程分歧。因此在本研究中,我們試圖發展一套自動化的機制來偵測資訊系統流程流及內部控制流的流程分歧。本機制僅需兩種查核證據:資訊系統流程流及內部控制流,便能在不結合電腦輔助稽核軟體及資訊系統的情況下提供資訊系統控制測試。
為了證明自動化機制的可行性,我們實作了一套企業流程分歧偵測(Business Process Gap Detecting Mechanism, BPGDM)系統。然後我們使用個案研究法(Case Study Methodology)來評估這套系統。個案公司的企業資源規劃(Entrireprise Resource Planing, ERP)系統存在著資料品質的問題,它們希望能夠藉由電腦稽核專案協助他們解決其資料品質之問題。我們將專案分為兩個階段:第一階段先使用一般審計軟體(Generalized Audit Software, GAS)針對個案公司的資訊系統作證實測試(Substantive Test),第二階段使用企業流程分歧偵測(Business Process Gap Detecting Mechanism, BPGDM)系統針對個案公司的資訊系統作控制測試(Control Test)。個案的結果顯示出本系統確實可以幫助個案公司解決其資料品質的問題,而自動化的機制也能提供個案公司所需之資訊。
Information systems have become the backbone of the enterprise because of the efficiency and effectiveness. However, the electronic data is more easily changed, manipulated, and destroyed relatively. Hence, it is important for auditors to assure that if the information systems are adequately controlled, secured, and functioned as intended.
It is difficult for Auditors to audit the information systems if they do not know the data structure and information system process flow inside the information systems. Therefore, Auditors may use the Computer-Assisted Audit Techniques and Tools (CAATTs) to make up the lacking knowledge of information systems. But because of the complexity of the information systems, unless combining the CAATTs with the information systems, it is hard to perform the entire control test of information systems.
The control test of the information systems is to ensure the business process gap do not exist between information system process flow and internal control flow. In this research, we try to develop an automatic mechanism to detect the business process gap between information system process flow and internal control flow by using information technology. The mechanism only need two audit evidences: information system process flow and internal control flow, and auditors can test the control of information systems without combining their application on them.
We prove the feasiblility of the automic mechanism by constructing a Business Process Gap Detecting Mechanism (BPGDM) system. Then, we use case study methodology to evaluate the system. The result indicates that the system can assist the case company to solve the data quality problem of their ERP system and the automitic mechanism can provide information for the company.
誌謝 I
摘要 II
Abstract III
Contents IV
Lists of Figures VII
Lists of Tables IX
Chapter 1 Introduction 1
1.1 Research Background 1
1.2 Research Objectives 3
1.3 Research Process Flow 4
Chapter 2 Literature Review 6
2.1 Computer-Assisted Audit Techniques and Tools 6
2.1.1 Substantive Test and Control Test of CAATTs 6
2.1.2 Recent Research Issues about the CAATTs 8
2.2 Dynamic Modeling Tools for Internal Control Flow 9
2.3 The Mathematical Model: Petri-Net 14
2.3.1 Basic Concept 14
2.3.2 Analysis Method 16
2.3.3 Mapping Workflow and Dataflow Models to Mathematical Model 20
2.4 Summary 21
Chapter 3 System Architecture 22
3.1 Overview 22
3.2 Identifying the Internal Control Flow for Audit Object 24
3.2.1 Depicting the Internal Control Flow 24
3.2.2 Constructing the Mathematical Model of the Internal Control Flow 27
3.2.3 Adjusted Petri-Net of the Internal Control Flow 37
3.3 Identifying the Information System Process Flow for Audit Object 39
3.3.1 Extracting Database Log 39
3.3.2 Resource and Value Dependence Method 40
3.4 Business Process Gap Analysis 48
Chapter 4 System Implementation 55
4.1 System Analysis and Design 55
4.1.1 Requirements of the BPGDM System 55
4.1.2 Processes of the BPGDM System 57
4.1.3 Construction of the BPGDM System 57
4.3 System Testing 64
4.3.1 The Expenditure Cycle Scenario 64
4.3.2 Depicting the Internal Control Flow of the Information Systems 66
4.3.3 Mapping Workflow/Dataflow Models to Mathematical Model 66
4.3.4 Load Database Log 67
4.3.5 Resource and Value Dependence Method 68
4.3.6 Business Process Gap Analysis 68
4.4 Summary 70
Chapter 5 System Evaluation 72
5.1 Case Study Methodology 72
5.2 Selection of the Case 73
5.3 Data 74
5.3.1 Document Data: 74
5.3.2 Electronic Data 74
5.3.3 Interview 74
5.3.4 Result of the Substantive Test and the Control Test of Information Systems 75
5.4 Validity of the Case 75
5.4.1 Construct Validity 75
5.4.2 Internal Validity 76
5.4.3 Reliability 76
5.5 Introduction of Case Company 76
5.6 Information Systems of the Case Company 76
5.7 Data Quality Problems of the Case Company 77
5.8 The Substantive Test of the Information Systems 78
5.9 Communication of the Substantive Test Result 79
5.10 The Control Test of the Information Systems 84
5.10.1 Test Phases 84
5.10.2 Analysis the Result of the Control Test 86
5.11 Communication of the Control Test Result 89
5.12 Summary 95
Chapter 6 Conclusion 96
6.1 Overview 96
6.2 Research Achievement 97
6.3 Contribution 98
6.3.1 Contribution to Academic Research 98
6.3.2 Contribution to Enterprise 98
6.4 Limitations and Future Works 99
6.4.1 Different Dynamic Models of the Internal Control Flows 99
6.4.2 Workflow Log of Information Systems 99
6.4.3 Completeness of Database Log 100
References from Literature 101
References from Text Book 106
References from World Wide Web 107
Author Information 108
References from Literature
[1]Aalst W.M.P. van der, Mar. 1999, “Formalization and verification of event-driven process chains”, Information and Software Technology, Volume 41, Page 639-650.
[2]Alavi M. and Carlson P., 1992, “A review of MIS research and disciplinary development”, Journal of Management Information Systems, Volume 8, Issue 4, Page 45-62.
[3]American Institute of Certified Public Accountants, 1996, “Amendment to Statement on Auditing Standards No. 31, Evidential Matter”, Statement on Auditing Standards, No. 80, New York: AICPA.
[4]American Institute of Certified Public Accountants, 2001, “The Effect of Information Technology on the Auditor's Consideration of Internal Control in a Financial Statement Audit”, Statement on Auditing Standards, No. 94, New York: AICPA.
[5]Anisingaraju Sager, Oct. 2003, “The Role of Technology in the Sarbanes-Oxley Act Compliance”, Computer Technology Review, Volume 23, Issue, 10, Page 36.
[6]Badica Costin, Badica Amelia, and Litoiu Valentin, 2003, “A New Formal IDEF-based Modelling of Business Processes”, Proceedings of the First Balkan Conference in Informatics.
[7]Baird Jane, Caster Paul, Dilla William N., Earley Christine E., Johnson Eric N., Louwers Timothy J., Aug. 2003, “Challenges to Audit Education for the 21st Century: A Survey of Curricula, Course Content, and Delivery Methods The 2000-2001 Auditing Section Education Committee American Accounting Association”, Issue in Accounting Education, Volume 18, Issue 3, Page 241-263.
[8]Bandyopadhyay Kakoli, Mykytyn Peter P., Mykytyn Kathleen., 1999, “A framework for integrated risk management in information technology”, Management Decision, Volume 37, Issue 5, Page 437-444.
[9]Beckmerhagen I. A., Berg H. P., Karapetrovic S.V., Willborn W. O., 2003, “Auditing in support of the integration of management systems: a case from the nuclear industry”, Managerial Auditing Journal, Volume 18, Issue 6/7, Page 560-568.
[10]Boehm B., Egyed A., Kwan J., Port D., Shah A., Madachy R., Jul. 1998, “Using the WinWin spiral model: a case study” , Volume 31, Issue 7, Page 33-44, Computer.
[11]Braun Robert L, Davis Harold E., Sep. 2003, “Computer-assisted audit tools and techniques: analysis and perspectives”, Managerial Auditing Journal, Page 725-731.
[12]Bryans Jeremy W., Koutny Maciej, Ryan Peter Y. A., 2005, “Modeling Opacity Using Petri-Nets”, Electronic Notes in Theoretical Computer Science, Volume 121, Page 101-115.
[13]Buhler Paul A., Vidal José M.., Jan. 2005, ”Towards Adaptive Workflow Enactment Using Multi-agent Systems”, Information Technology and Management, Volume 6, Issue 1.
[14]Chan Sally, Feb. 2004, “Sarbanes-Oxley: The IT Dimension”, The Internal Auditor, Volume 61, Issue 1, Page 31-33.
[15]Christensen Jo Ann and Byington J. Ralph, Jun. 2003, “The Computer: An Essential Fraud Detection Tool”, Journal of Corporate Accounting & Finance, Volume 14, Issue 5, Page 23-27.
[16]Cook Glenn R. and Housel Tom, 2005, “Where to Invest in Information Systems: A CRM Case Study”, Proceedings of the 38th Hawaii International Conference on System Sciences.
[17]Costello Claire and Molloy Owen, 2003, “A Rules Based Approach to Business Process Management”, Proceedings of the 2003 International Conference on Internet Computing.
[18]Debreceny Roger, Lee Sook-Leng, Neo Willy, Toh Jocelyn Shuling, Aug. 2005, “Employing generalized audit software in the financial services sector: Challenges and opportunities”, Managerial Auditing Journal, Volume 20, Issue 6, Page 605-618.
[19]Debreceny Roger S., Gray Glen L., Ng Jun-Jin Joeson, Lee Siow-Ping Kevin, Yau Woon-Foong, 2005, “Embedded Audit Modules in Enterprise Resource Planning Systems: Implementation and Functionality”, Journal of Information Systems, Volume 19, Issue 2, Page 7-27.
[20]Dowlatshahi S., Sep. 2005, “Strategic success factors in enterprise resource-planning design and implementation: a case-study approach”, International Journal of Production Research, Volume 43, Issue 18, Page 3745–3771.
[21]Elnaffar Said, Powley Wendy, Benoit Darcy, Martin Pat, 2003, “Today’s DBMSs: How autonomic are they?”, Proceedings of the 14th International Workshop on Database and Expert Systems Applications.
[22]Farwer Berndt, Varea Mauricio, Mar. 2005, “Object-based Control/Data-flow Analysis”, Declarative Systems and Software Engineering Group Technical Report DSSE-TR-2005-1.
[23]Gardiner Stanley C., Hanna Joe B., LaTour Michael S., Jul. 2002, “ERP and the reengineering of industrial marketing processes A prescriptive overview for the new-age marketing manager”, Industrial Marketing Management, Volume 31, Issue 4, Page 357-365.
[24]Gelinas Ulric J., Levy Elliott S., Thibodeau Jay C., Nov. 2001, “Norwood Office Supplies, Inc.: A Teaching Case to Integrate Computer-Assisted uditing Techniques into the Auditing Course”, Volume: 16, Issue: 4, Page 603-636.
[25]Groomer S. Michael, Murthy Uday S., Spr. 1989, “Continus Auditing of Database Applications: An Embedded Audit Module Approach”, Journal of Information Systems, Volume 3, Issue 2, Page 53-69.
[26]Hevner Alan R., March Salvatore T., Park Jinsoo, Ram Sudha, Mar. 2004, “Design Science in Information Systems Research”, MIS Quarterly, Volume 28, Issue 1, Page75-106.
[27]IEEE-SA Standards Board, Feb. 1999, “IEEE Standard for Conceptual Modeling Language Syntax and Semantics for IDEF1X 97(IDEF object)”, IEEE Std 1320.2-1998.
[28]ISACA Standards Board, 2002, “Continuous Auditing: Is It Fantasy or Reality?”, Information System Control Journal, Volume 5.
[29]Jeffrey T., Zimbelman Mark F., Sep. 2004, “Using Game Theory and Strategic Reasoning Concepts to Prevent and Detect Fraud”, Accounting Horizons, Volume 18, Issue 3, Page173-184.
[30]Juan Y. C. and Yang C. O., Apr. 2004, “Systematic approach for the gap analysis of business processes”, International Journal of Production Research, Volume 42, Issue 7, Page 1325–1364.
[31]Kaarst-Brown Michelle L. and Kelly Shirley, 2005, “IT Governance and Sarbanes-Oxley: The latest sales pitch or real challenges for the IT Function?”, Proceedings of the 38th Hawaii International Conference on System Sciences.
[32]Kim C. H., Yim D. S., Weston R. H., Nov. 2001, “An integrated use of IDEF0, IDEF3 and Petri-Net methods in support of business process modeling”, Journal of Process Mechanical Engineering, Volume 215, Issue 4, Page 317-329.
[33]Koch Ina, Junker Bjorn H., Heiner Monika, 2005, “Application of Petri-Net for modeling and validation of the sucrose breakdown pathway in the potato tuber”, Bioinformatics, Volume 21, Issue 7, Page 1219-1226.
[34]Lee Kichang, Jeong Hanil, Park Chankwon, Park Jinwoo, Jan. 2004, “Construction and performance analysis of a Petri-Net model based on a functional model in a CIM system”, International Journal of Advanced Manufacturing Technology, Volume 23, Issue 1-2, Page 139-147.
[35]Lee, P. T., Tan K. P., Jan.1992, “Modelling of visualised data-flow diagrams using Petri net model”, Software Engineering Journal, Volume 7, Issue 1, Page: 4-12.
[36]Marchetti Anne M. , Oct. 2005, “How to Set Up an ERM Program”, Journal of Corporate Accounting & Finance, Volume 17, Issue 1, Page 57-59.
[37]Marnewick Carl, Labuschagne Lessing, 2005, “A conceptual model for enterprise resource planning”, ERP Information Management & Computer Security, Volume 13, Issue 2, Page 144-156.
[38]Meena Hemant Kr., Saha Indradeep, Mondal Joushik Kr., T.V. Prabhakar, Nov. 2001, “An Approach to Workflow Modeling and Analysis”, Proceedings of the Institution of Mechanical Engineers - Part E - Journal of Process Mechanical Engineering, Volume 215, Issue 4, Page 317-329.
[39]Mooney J.Lowell, Harrell Horace W., Ludwig Stephen E., May. 2000, “Audit Software that helps your company stop fraud”, Journal of Corporate Accounting & Finance, Volume 11, Issue 4, Page 17-23.
[40]Murata TaDao, Apr. 1989, “Petri-Nets: Properties, Analysis and Applications”, Proceedings of the IEEE, Volume 77, Issue 4, Page541-580.
[41]Petri C.A., 1966, “Communication with Automata”, Griffiss Air Force Base Tech. Report RADC-TR-65377, Volume 1.
[42]Petterson Mark, Jul. 2005, “The Keys to Effective IT auditing”, Journal of Corporate Accounting & Finance, Volume 16, Issue 5, Page 41-46.
[43]Rezaee Zabihollah, Reinstein Alan, Nov. 1998, “The impact of emerging information technology on auditing”, Managerial Auditing Journal, Volume 13 Issue 8 Page 465-471.
[44]Rezaee Z., Sharbatoghlie A., Elam R., McMickle P. L., 2002, “Continuous Auditing: Building Automated Auditing Capability,” Auditing, Volume 21, Issue 1, Page 147-163.
[45]Rezaee Zabihollah, Elam Rick, Sharbatoghlie Ahmad, 2001, “Continus auditing: the audit of the future”, Managerial Auditing Journal, Volume 16, Issue 3, Page 150-158.
[46]Schattkowsky Tim, 2005, “UML 2.0 - Overview and Perspectives in SoC Design”, Proceedings of the Design, Automation and Test in Europe Conference and Exhibition.
[47]Song Yujin and Lee Jongjun, 2002 “Deadlock Analysis of Petri-Nets Using the Transitive Matrix”, Proceedings of the 41st SICE Annual Conference, Volume 2, Page 689-694.
[48]Stefanov Veronika and List Beate, 2005, “A Performance Measurement Perspective for Event-driven Process Chains”, Proceedings of the 16th International Workshop on Database and Expert Systems Applications.
[49]Turetke Ozgur n, Schuff David, Sharda Ramesh, Ow Terence T., Sep. 2004, “Supporting Systems Analysis and Design Through Fisheye Views” Communications of The ACM, Volume 47, Issue 9, Page 72-77.
[50]Weidenmier Marcia L., Herron Terri L., 2004, “Selecting an Audit Software Package for Classroom Use”, Journal of Information Systems, Volume 18 , Issue 1 , Page 95-110.
[51]Wright Sally and Wright Arnold M., Spr. 2002, “Information System Assurance for Enterprise Resource Planning Systems: Unique Risk Considerations”, Journal of Information Systems, Volume 16, Issue 1, Page 99-113.
[52]Yang David C. and Guan Liming, 2004, “The evolution of IT auditing and internal control standards in financial statement audits: The case of the United States”, Managerial Auditing Journal, Volume 19, Issue 4, Page 544-555.
[53]Yao Albert Wen-Long, Liao Hsin-Te, Chi Jessica Shu-Chuan, Peng Shih-Sen, 2005, “A Petri-Net based Offline Simulation and Online Diagnostic Platform for Manufacturing Systems”, Journal of Chinese Institute of Industrial Engineers, Volume 22, Issue 1, Page 64-75.
[54]Young R. E. and Vesterager J., 1991, “An approach to CIM system development whereby manufactoring people can design and build their own ClM system”, International Journal of Computer Integrated Manufacturing, Volume 4, Issue5, Page 288-299.
[55]Yu Yuan-Chen, Chen Wei-Hao, and Liu Kun-Peng, Mar. 2004, “Integration of EPC and A Modularized Colored Petri-Net through Events for Agile Manufacturing Cell Control”, Proceedings of the 2004 IEEE International Conference on Networking, Sensing &- Control, Taipei, Taiwan.
[56]Zhao Ning, Yen David C., Chang I-Chiu, Dec. 2004, “Auditing in the e-commerce era”, Information Management & Computer Security, Volume 12, Issue 5, Page 389-400.

References from Text Book
[1]Booch Grady, Rumbaugh James, Jacobson Ivar, 1999, “Unified Software Development Process”, Addison-Wesley.
[2]Booch Grady, Rumbaugh James, Jacobson Ivar, Feb. 2002, “The Unified Modeling Language User Guide”, Addison-Wesley.
[3]Champlain Jack J., 2003, “Auditing Information Systems 2nd.”, John Wiley & Sons.
[4]Harrington, J. H., Esseling E. K. C., Van Nimwegen H., 1998, “Business process improvement workbook: documatation, analysis, design, and management of business process improvement” New York:McGrawHill.
[5]Kruchten Philippe, 1999, “Rational Unified Process-An Introduction”, Addison-Wesley.
[6]Keller G., Teufel T., Jul. 1998, “SAP R/3 Process Oriented Implementation”, Addison-Wesley.
[7]Rob Peter, Coronel Carlos M., Jan. 2004, “Database Systems: Design, Implementation, and Management 6th.”, Course-Technology.
[8]Romney Marshall and Steinbart Paul, 2005, “Accounting Information Systems 10th.”, Prentice Hall.
[9]Scheer A. W., 2001, “Aris - Modellierungsmethoden, Metamodelle, Anwendungen”, Spinger.
[10]Ullman Jefferey D., Widom Jennifer, 2002, “A First Course In Database Systems 2nd”, Prentice Hall.
[11]Williams Glynn C., 2000, “Implementing SAP Sales and Distribution”, New York:McGrawHill.
[12]Witten Jeffrey L., Bentley Lonnie D., Dittman Kevin C., 2005, “System Analysis & Design Methods 7th.”, McGrawHill.
[13]Yin Robert K., Campbell Donald T., 2003, ” Case Study Research: Design and Methods 3rd ”, Sage Publications.


References from World Wide Web
[1]Andrews, T., Curbera, F., Dholakia, H., Goland, Y., Klein, J., Leymann, F., Liu, K., Roller, D., Smith, D., Thatte, S., Trickovic, I., and Weerawarana, S., 2003, “Business Process Execution Language for Web Services”, http://ifr.sap.com/bpel4ws.
[2]ApexSQL.com, 2005, http://www.apexsql.com/sql_tools_log.asp.
[3]Baker J., Nov. 2002, “Business Process Management Language (BPML): Automating Business Relationships”, eAI Journal, http://www.eaijournal.com, Page28-31.
[4]Bek Jon, 2004, ZFPAudit: A Computer-assisted Audit Tool for Evaluation of Microsoft Operating Systems, http://www.isaca.org/.
[5]Computer Security Institute (CSI) and San Francisco Federal Bureau of Investigation's (FBI) Computer Intrusion Squad, 2005, “2005 Computer Crime and Security Survey”, http://www.GoCSI.com.
[6]Gupta.com, 2005, “Gupta Team Developer”, http://www.guptaworldwide.com/Products/TD.aspx.
[7]Hanrahan Robert P., 1995 ,“The IDEF Process Modeling Methodology”, http://www.stsc.hill.af.mil/crosstalk/1995/06/IDEF.asp.
[8]Lumigent.com 2005, http://www.lumigent.com/.
[9]Microsoft.com, 2005” MSDN:Introduction to Transaction Logs”, http://msdn2.microsoft.com/en-us/library/ms190925.aspx.
[10]Microsoft.com, 2005 “Microsoft Visual C# Developer Center”, http://msdn.microsoft.com/vcsharp.
[11]Oracle.com, , Oct. 2005, “Oracle Database Concepts 10g Release 2 (10.2) B14220-02”,http://download-west.oracle.com/docs/cd/B19306_01/server.102/b14220/toc.htm.
[12]White Stephen A., May. 2004, “Business Process Modeling Notation (BPMN) Version 1.0”, BPMI.org.
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top