(3.227.208.0) 您好!臺灣時間:2021/04/18 12:45
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果

詳目顯示:::

我願授權國圖
: 
twitterline
研究生:李興漢
研究生(外文):Shing-Han Li
論文名稱:開發一持續性稽核輔助系統--利用資訊流程模式
論文名稱(外文):Developing a Continuous Auditing Assistance System by Using Information Process Models
指導教授:黃士銘黃士銘引用關係
指導教授(外文):Shi-Ming Huang
學位類別:博士
校院名稱:國立中正大學
系所名稱:資訊管理所
學門:電算機學門
學類:電算機一般學類
論文種類:學術論文
論文出版年:2006
畢業學年度:94
語文別:英文
論文頁數:197
中文關鍵詞:持續性稽核通用性稽核軟體遵循測試證實測試
外文關鍵詞:System Development and ValidationSubstantive testContinuous AuditingGeneral Audit SoftwareCompliance Test
相關次數:
  • 被引用被引用:2
  • 點閱點閱:522
  • 評分評分:系統版面圖檔系統版面圖檔系統版面圖檔系統版面圖檔系統版面圖檔
  • 下載下載:121
  • 收藏至我的研究室書目清單書目收藏:3
近年來,持續性稽核已成為在商業環境下不可擋的趨勢,稽核的軌跡也由傳統的憑證查核演變為使用通用性稽核軟體輔助進行系統內資料查核。然而,大多數的稽核人員來自非資訊背景,因此,對於使用稽核軟體並不熟練,因此無法勝任此工作。除此之外,稽核人員如何能夠獨立且持續的對資訊系統進行遵循測試與證實測試也為一重要議題。
本研究透過資訊流程模式(使用案例圖、資料流程圖、實體關係圖)提出一個系統化的分析方法協助稽核人員了解該資訊系統的弁遄B資料流程與資料存放的關係,並對應至稽核程序(稽核目標、關鍵控制點、稽核公式),透過此方法輔助,稽核人員可以獨立的完成稽核公式的設計。此外,在遵循測試方面,本研究藉由資料流程圖與系統資料庫存取日誌的比對,幫助稽核人員偵測出異常的交易流程;在證實測試方面,透過實體關係圖協助稽核人員了解系統的資料存放關係,並輔以建立勘入式稽核公式常駐於系統中,將異常資料即時地記錄於稽核軌跡中。透過此三模組的實行,將可協助稽核人員進行獨立性查核,並且立即反應系統可能的異常狀況,達到持續性稽核的目的。
依照上述的機制,本研究開發了一個雛形系統—持續性稽核輔助系統,以證明此機制之可行性。並透過實際案例(公司),說明此系統確實可以有效的偵測出錯誤的發生,以幫助稽核人員提早處理。本文最後,並透過實驗設計方式,經由六十位稽核相關人員的協助,透過問卷進行使用者評估,結果顯示,本系統對於稽核人員在進行稽核時,確實在有效性、有效率性、滿意度、有用性、易用性等方面有顯著提升。
In recent years, Continuous Auditing (CA) has become an inevitable trend in current business enviorment. This trend causes that auditing tasks have evolved from the traditional paper-based way to computer-aided auditing like use the General Audit Software (GAS) to perform data auditing. However, most auditors who conventionally come from non-IT professional are not competent enough for computer-aided auditing due to not familiar with the manipulation of auditing software. Therefore, how an auditor independently and continuously performs compliance tests and substantive tests in the CA enviorment has become an important issue.
This study proposed a systematic analysis approach to help auditors understand business processes, data flow and data structure of information systems and map the aforementioned into the process of auditing including auditing objectives, key control and auditing rules by employing information process models such as Use-case Diagram, Data Flow Diagram and Enityt-Relationship Diagram. With this approach, auditors can independently design auditing rules. In additions, auditors can performed a compliances test to detect unusual transactions by checking and comparing both database log and Data Flow Diagram. Furthermore, a substantive test can be performed to record and reveal abnormal data in a real-time manner by mapping Entity-Relationship Diagram and creating embedded auditing rules which resident in database. By doing so, auditors can perform auditing tasks independently, feedback the extraordinary immediately, and reach the objectives of Continuous Auditing.
A prototype system named CAAS (Continuous Auditing Assistance System) is also proposed and implemented to demonstrate the feasibility of this study. The CAAS is practically operated on the revenue module of an ERP system implemented by F Company to prove that it can find fraudulence efficiently and send the alert to auditors in time. Conseqently, the CAAS shows its ability of improving easy of use, effectiveness, efficiency, satisfaction and usefulness by both empirically testing and surveying conducted on 60 auditors.
CHAPTER 1 INTRODUCTION 1
1.1 RESEARCH BACKGROUND 1
1.2 RESEARCH MOTIVATION 3
1.3 RESEARCH OBJECTIVES 6
1.4 RESEARCH METHOD & RESEARCH PROCESS 7
CHAPTER 2 LITERATURE REVIEW 9
2.1 CONTINUOUS AUDITING 9
2.2 DESIGN A CONTINUOUS AUDIT PROGRAM 14
2.3 CONCEPTUAL MODEL 17
2.3.1 Requirement Analysis—Use-case Diagrams (UCD) 19
2.3.2 Process Modeling—Data Flow Diagrams (DFD) 20
2.3.3 Data Modeling—Entity-Relationship Diagrams (ERD) 20
2.3.4 Conclusions 21
2.4 COMPUTER-ASSISTED AUDIT TOOLS AND TECHNIQUE (CAATTS) 23
2.5 AUDIT SOFTWARE 25
2.5.1 Survey of Audit Software 25
2.5.2 Investigation into Current Audit Software 26
2.5.3 Importance of and Need for Audit Software 28
2.6 SUMMARY 30
CHAPTER 3 SYSTEM ARCHITECTURE 31
3.1 INTRODUCTION 31
3.2 SYSTEMATIC ANALYSIS APPROACH 33
3.2.1 Pre-step. Understand Business Process 34
3.2.2 Step1. Set Audit Objectives 36
3.2.3 Step2. Set Key Control 38
3.2.4 Step3. Design Audit Rules 42
3.3 COMPLIANCE TEST MODULE—USING DATABASE LOG ANALYSIS 46
3.3.1 Database Log Analyzer 46
3.3.2 Process Analyzer 50
3.3.3 Process Conformance Test 54
3.4 SUBSTANTIVE TESTS—USING EMBEDDED AUDIT MODULE 56
CHAPTER 4 SYSTEM VERIFICATION 63
4.1 SYSTEMATIC ANALYSIS APPROACH 63
4.2 COMPLIANCE TEST—USING DATABASE LOG ANALYSIS 70
4.2.1 Database Log Analyzer 70
4.2.2 Process Analyzer 75
4.2.3 Process Conformance Test 79
4.3 SUBSTANTIVE TESTS—USING EMBEDDED AUDIT MODULE 81
CHAPTER 5 SYSTEM IMPLEMENTATION 84
5.1 SCOPE DEFINITION 85
5.2 PROBLEM ANALYSIS 86
5.3 REQUIREMENTS ANALYSIS 87
5.4 LOGICAL DESIGN 88
5.5 DECISION ANALYSIS 90
5.6 PHYSICAL DESIGN AND INTEGRATION 92
5.7 CONSTRUCTION AND TESTING 94
5.7.1 System Architecture 96
5.7.2 Systematic Analysis Approach 98
5.7.3 Compliance Test—Using Database Log Analysis 100
5.7.4 Substantive Tests—Using Embedded Audit Module 105
5.7.5 Audit Report 107
5.8 INSTALLATION AND DELIVERY 108
5.9 SYSTEM VALIDATION – F COMPANY 109
5.9.1 Introduction of Case Background 109
5.9.2 Implement CAAS in F Company 110
5.9.3 Summarization of the Case Study 117
CHAPTER 6 SYSTEM EVALUATION 119
6.1 RESEARCH MODEL AND HYPOTHESES 119
6.2 RESEARCH DESIGN 125
6.2.1 Preparing for the Experiment 125
6.2.2 Conducting the Experiment 125
6.2.3 Experimental Task 126
6.3 OPERATIONALIZING THE HYPOTHESES 128
6.4 RESULTS 143
6.5 SUMMARIZATION OF EXPERIMENT DESIGN 160
CHAPTER 7 CONCLUSION AND FUTURE WORK 161
7.1 CONCLUSION 161
7.2 RESEARCH CONTRIBUTION 165
7.2.1 Benefits of CAAS 165
7.2.2 Contributions of This Research 166
7.3 RESEARCH LIMITATIONS AND FUTURE WORKS 167
REFERENCE 169
APPENDIX 176
APPENDIX A QUESTIONNAIRES (EXPERIMENT GROUP) 176
APPENDIX B QUESTIONNAIRES (CONTROL GROUP) 185
APPENDIX C QUESTIONNAIRE RESULTS 192
CURRICULUM VITA 194
1.Gattiker, T.F., Goodhue, D.L. (2005). “What Happens After ERP Implementation: Understanding the Impact of Interdependence and Differentiation on Plant-level Outcomes,” MIS Quarterly, 29, 2005, pp.559-585.
2.Martinsons, MG (2004). “ERP in China: One Package, Two Profiles,” Communications of the ACM, 47:7, pp.65-68.
3.Brown W. and Nasuti F. “What ERP Systems Can Tell Us About Sarbanes-Oxley,” Information Management & Computer Security, 13:4, 2005, pp.311 – 327
4.Moshe Zviran, Nava Pliskin, Ron Levin “Measuring User Satisfaction And Perceived Usefulness In The ERP Context,” The Journal of Computer Information Systems, 45:3, 2005, pp.43-52
5.Girard, K., and M. A. Farmer. “Business Software Firms Used Over Implementation,” CNET News.com, November 1999.
6.Hunton J. E., Wright A. M., and Wright S. “Are Financial Auditors Overconfident in Theory Ability to Assess Risk Associated with Enterprise Resource Planning Systems?” Journal of Information Systems, 18:2, 2004, pp.7-28
7.Casonato, R., “Application Integration: Making E-Business Work,” Gartner Group Report, September 2000.
8.Themistocleous, M., Irani, Z., O'Keefe, R. M., and Paul, R., “ERP Problems and Application Integration Issues: an Empirical Survey,” Proceedings of the 34th Annual Hawaii International Conference on System Sciences, HICSS, 2001, pp. 3775-3784.
9.Wright, S., and A. Wright. “Information System Assurance for Enterprise Resource Planning Systems: Unique Risk Considerations,” Journal of Information Systems, 16, 2002, pp.99-113.
10.Shaik J. M. “E-commerce Impact: Emerging Technology - Electronic Auditing,” Managerial Auditing Journal, 20: 4, 2005, pp. 408-422.
11.Brazel J. F. “A Measure of Perceived Auditor ERP Systems Expertise: Development, Assessment, and Uses,” Managerial Auditing Journal, 20:6, 2005, pp. 619-632.
12.Debreceny R., Lee S. L., Neo W., Toh J H. “Employing Generalized Audit Software in the Financial Services Sector: Challenges and Opportunities,” Managerial Auditing Journal, 20:6, 2005, pp. 605-618.
13.Braun R. L. and Davis H. E. “Computer-assisted Audit Tools and Techniques: Analysis and Perspectives,” Managerial Auditing Journal, 18:9, 2003, pp.725-731.
14.Frederick G. and Aleksandra L. “IS Audit Training Needs for the 21st Century: a Selected Assessment,” Journal of Computer Information Systems, 41:2, 2000, pp. 9-16.
15.Yourdon E. “Just Enough Structured Analysis,” 2005. Available from http://www.yourdon.com/strucanalysis/.
16.Olsen D. H. “Enhancing Integrity by Integrating Business Rules, Triggers, and Active Database Techniques,” IACIS, 2002. Available from http://www.iacis.org/iis/2002_iis/PDF%20Files/ OlsenyYatsenko.pdf
17.Wright A. “Forum on Continuous Auditing and Assurance,” Auditing, Mar 2002, 21:1, pp.123.
18.Warren J.D. and Parker X. L. “Continuous Auditing: Potential for Internal Auditors,“ The Institute of Internal Auditors Research Foundation, September 2003.
19.Kogan A., Sudit E. F., Vasarchelyi M. A. “Continuous Online Auditing: A Program of Research,” Journal of Inforamtion Systems, 13:2, 1999, pp.87-103.
20.Rezaee Z., Sharbatoghlie A., Elam R., McMickle P. L. “Continuous Auditing: Building Automated Auditing Capability,” Auditing, 21:1, 2002, pp.147-163.
21.ISACA standard board “Continuous Auditing: Is It Fantasy or Reality?” Information System Control journal, 5, 2002.
22.Searcy D., Woodroof J., Behn B. “Continuous Audit: The Motivations, Benefits, Problems, and Challenges Identified by Partner of a Big 4 Accounting Firm,” Proceedings of the 36th Hawaii International Conference on System Sciences (HICSS’03), 2002.
23.Williams, Paul. “Continuous Auditing and Reporting - The Fourth World Symposium,” Information Systems Control Journal, 5, 2002. Available from http://www.isaca.org/TemplateRedirect.cfm? template= /ContentManagement/ContentDisplay.cfm&ContentID=17104
24.Searcy D. L. and Woodroof J. B. “Continuous Auditing: Leveraging Technology,” The CPA Journal, 75:5, 2003, pp.46-48
25.Kneer D.C. “Continuous Assurance: We are Way Overdue,” Information System Control Journal, 1, 2003. Available from http://www.isaca.org/Template.cfm?Section=Home&CONTENTID=16192&TEMPLATE=/ContentManagement/ContentDisplay.cfm
26.Chen S., “Continuous Auditing: Risk, Challenges and Opportunities,” International Journal of Applied Management and Technology, 1:1, 2003. Available from http://legacy.waldenu.edu/acad-prog/mmba/ijamt/0104 /iJAMT_PDF_2003-011a.pdf
27.Chen Y. “Continuous Auditing Using Strategic-system Approach,” Internal Auditing, 19:3, 2004, pp.31-36.
28.Nehmer, Robert. “Continuous Audits: Taking the Plunge,” Information Systems Control Journal, 1, 2003.
29.Nelson L. “Stepping into Continuous Audit,” Internal Auditor, 61:2, 2004, pp.27-29.
30.Zhao N., Yen D. C., Chang I. C. “Auditing in the E-commerce Era,” Information Management & Computer Security, 12:5, 2004, pp.389-399.
31.Pathak J., Chaouch B., Sriram R. S. “Minimizing Cost of Continuous Audit: Counting and Time dependent strategies,” Journal of Account and Public Policy, 24:1, 2005, pp.61-69.
32.Huffman A. and Grump J. “Applying Continuous Controls Monitoring for Achieving Compliance and Business Improvement,” Financial Executive, 21:8, Oct 2005, pp.54-56.
33.Murthy U. S. “An Analysis of the Effects of Continuous Monitoring Controls on e-Commerce System Performance,” Journal of Information Systems, 18:2, 2004, pp.29-47.
34.Rezaee Z., Ford W., Elam R. “Real-time Accounting Systems,” Internal Auditor, April 2000.
35.Rezaee Z. and C. Hoffman “XBRL: standard electronic financial reporting,” Internal Auditor, August 2001, pp.46-51.
36.Fiske T. “INDUSTRY VIEW Real-time Accounting,” Automation World Article, April 2004, pp.60.
37.Vasarhelyi, M. A., Alles, M. G. and Kogan, A “Principles of Analytic Monitoring for Continuous Assurance,” Journal of Emerging Technologies in Accounting, 1:1, 2004, pp.1-24.
38.Ashcroft P. “Real-Time Accounting,” The CPA Journal, April 2005, pp.16.
39.Gal G. and McCarthy W. E. “Specification of Internal Controls in a Database Environment,” Computers and Security, March 1985, pp.23-32
40.Groomer, S. M., and U. S. Murthy “Continuous Auditing of Database Applications: An embedded audit module approach,” Journal of Information Systems, 3:1, 1989, pp.53-69.
41.Bodnar G. & Hopwood W., Accounting Information Systems(9ed), Prentice-Hall, 2004, ISBN: 0-13-008205-8
42.Orman L. V. “Database Audit and Control Strategies,” Information Technology and Management, 2, 2001, pp.27-51.
43.Bodnar G. H. “SQL: An Internal Audit Technology,” Internal Auditing, 19:1, 2004, pp.34-38.
44.Cohen E.E., Hannon N. “How XBRL will change your practice,” The CPA Journal, 2000, pp.1-5.
45.Weisel, J. A. “The Financial Reporting Revolution and XBRL: Another Fad or Is This Really Going to Work,” Journal of Accounting Research, 10:3, 2002, pp.26-34.
46.Terry Judd, T. & Kennedy, G.E. “More sense from audit trails: exploratory sequential data analysis,” Proceedings of the 21st ASCILITE Conference, December 2004, pp.476-484. Available from http://www.ascilite.org.au/conferences/perth04/procs/judd.html.
47.Murthy, U. S. and Groomer, S. M. “A continuous auditing web services model for XML-based accounting systems,” International Journal of Accounting Information Systems, 5, 2004, pp.139-163.
48.Bailey, A. D. Jr., G. L. Duke, J. H. Gerlach, C. E. Ko, R. D. Meservy, and A. B. Whinston, “TICOM and the analysis of internal controls,” The Accounting Review, 60(2), 1985, pp.186-201.
49.Minsky, N. H. “Independent online monitoring of evolving systems,” In Procedings of 18th International Conference on Software Engineering (ICSE)., 1996, pp.134-143. Available from http://www.cs.rutgers.edu/~minsky
50.Mercuri R. T. “On Auditing Audit Trails,” Communications of the ACM, 46:1, 2003, pp.17-20.
51.Arens A. A., Elder R. J., and Beasley M. S., Auditing and Assurance Services, Tenth Edition, Prentice Hall, 2004, ISBN:0-13-127322-1.
52.Steven, M. G. “Implementing ERP,” Internal Auditor, 56:1, Feb 1999, pp.40-46.
53.Cooke M., “Application Audits: A Primer for Internal Auditing Professionals,” AuditNet, 2004. Available from http://www.acl.com/pdfs/0304-Auditnet.pdf
54.Niv A., Seev N,, Moshe Z. “A System of Development Methodology for ERP Systems,” Journal of Computer Information Systems, 42:3, 2002, pp.56-67.
55.Whitten J. L., Bentley L. D., Dittman K. C., System Analysis and Design Methods, McGraw Hill companies, 2004, ISBN: 0-07-121521-2.
56.Odeh M., Hauer T., McClatchey R., Solomonides T. “A Use-Case Driven Approach in Requirements Engineering: The MammoGrid Project,” Proceeding of Software Engineering and Applications, 2003.
57.Eriksson, Hans-Erik and Penker, Magnus, Business Modeling with UML: Business Patterns at work, Wiley & Sons, Fall 1999, ISBN: 0-471-29551-5.
58.Booch, Grady, Jacobson, Ivar and Rumbaugh,James, The Unified Modeling Language Users Guide, Addison Wesley, 1998, ISBN 0-7923-8666-3.
59.IBM “Rational Software Modeler”, IBM Rational Software Development Platform Information Center, (2005), Available from http://publib.boulder.ibm.com/infocenter/rtnl0600/index.jsp?topic=/com.ibm.xtools.modeler.doc/topics/tcreateucd.html
60.Turetken O., Schuff D., Sharda R., and Terence T. O. “Supporting Systems Analysis and Design Through Fisheye Views,” Communications of ACM, 47:9, 2004, pp.72-77.
61.Chen P. “The Entity Relationship Model – Toward a Unified View of Data,” ACM Transaction On Database Systems, 1:1, 1977, pp.9-36.
62.Rob P, Coronel C. Database Systems: Design, Implementation and Management, 5th ed., 2001, Boston: Course Technology Books, ISBN: 0-619-06269-X
63.Cerullo M. J., Cerullo M. V., and Hardin T. “Computer Techniques Used to Audit the Purchasing Function,” Internal Auditing, 1999, pp.17-25
64.IIA “The 2005 Internal Auditor Software Survey Results,” 2005. Available from http://www.acl.com/pdfs/IIA_Survey_Summary.pdf
65.Cooke M. “Application Audits: A Primer for Internal Auditing Professionals,” AuditNet, 2004. Available from http://www.acl.com/pdfs/0304-Auditnet.pdf
66.Lanza R. B. “What Are the Common Reasons to NOT Use Audit Software?” AuditSoftware.Net, available from http://www.auditsoftware.net /community/why/articles/commonNOT.htm
67.Fang Z “Management of Information Technology and Business Process Re-engineering: A Case Study,” Industrial Management & Data Systems, 104:8, 2004, pp.674-680.
68.Okrent M. D., Vokurka R. J. “Process Mapping in Successful ERP implementations,” Industrial Management & Data Systems, 104:8, 2004, pp.637-643.
69.Eining, M. M. and Dorr, P. B. (1991). “The impact of Expert System Usage on Experiential Learning in an Auditing Setting.” Journal of Information Systems. 5:2, pp.1-16.
70.Sharda, R., Barr, S. H., and McDonnell, J.C. (1988). “Decision Support System Effectiveness: A Review and an Empirical Test.” Management Science. 34:2, pp.139.
71.Changchit C., Holsapple C.W., and Madden D. L. “Supporting Managers’ internal control evalustions: an expert system and experimental results,” Decision Support Systems, 30:4, 2001, pp.437-449.
72.Changchit C. and Holsapple C.W. “The Development of An Expert System for Managerial Evaluation of Internal Controls,” Intelligent Systems in Accounting, Finance and Management, 12, 2004, pp.103-120.
73.Changchit C. “An Expert System for Supporting Managers’ Internal Control Evaluations,” Dissertation, University of Kentucky, 1999.
74.Davis FD., “Perceived Usefulness, Perceived Easy of Use, and User Acceptance of Information Technology”, MIS Quarterly, 15:3, 1989, pp. 319-340
75.Oscar B. “A Novel Approach to Joint Business and Information System Design,” Journal of Computer Information Systems, 45:3, 2005, pp.96-106.
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top
系統版面圖檔 系統版面圖檔