信息化环境下独立审计风险研究
|
摘要
随着信息技术和网络的迅速发展、各种经营管理和财务系统在市场经济主体中的不断应用,独立审计客体(统称被审计单位)的信息化趋势日趋增强。在被审计单位日渐全新的信息化环境下,具体审计目标发生扩展,审计对象空前加大,审计方法和手段也需要信息化,再加之与信息化环境相应的审计规范和其他法律法规的缺失,都使得信息化环境下独立审计风险因素变得更加复杂和难以确定。审计活动历来属于高风险的职业领域,这种高风险既来自于全社会对审计工作质量越来越高的厚望和要求,也来自于日益复杂化的审计工作环境。在信息化环境下,独立审计风险问题是注册会计师审计工作的核心问题,了解和控制独立审计风险也是注册会计师审计的必须首要解决的问题。
本文以被审计单位日益信息化的内外部环境为背景,选择注册会计师审计这一视角,按照传统审计理论框架和现代风险管理理论的主要分析方法,对信息化环境下独立审计风险的来源、评估与控制等问题进行了全面系统地分析和论述。
本文从信息化环境对独立审计风险的影响入手,首先界定了信息化环境下独立审计风险的概念与特征,并用经济学理论对审计风险的形成机理进行了分析,从理论角度阐述了审计风险的不可避免性和可能来源。由于审计目标决定审计风险的具体来源,本文就信息化环境下扩展的具体审计目标进行了详细解析,归纳了信息化环境下独立审计风险的特定来源,并在此基础上提出了“重大错误风险”的概念。
在信息化环境下,独立审计重大错误风险的准确评估是审计风险控制的核心内容。根据风险的特征,本文综合运用层次分析法、熵权法和模糊综合评价法,构建了信息化环境下重大错误风险的评估模型,通过对该风险的量化评估,可以更加理性的确定和评价信息化环境下的审计风险。
独立审计风险的评估仅仅是审计风险控制的前提,由于信息化环境下审计风险的空前复杂和难以把握,独立审计人员必须严格按照风险导向审计的职业要求,进行风险控制和完成审计工作。信息化环境下的风险导向审计模式与传统环境的现代风险导向审计模式不同,它以测试电子数据及信息系统的重大错误风险为核心,风险导向性更为复杂,本文将其命名为数据风险导向审计模式。通过实务中的案例全面阐释和分析了数据风险导向审计模式的主要工作流程、审计测试内容和风险控制方法,并在此基础上以重要性水平为标准设计了数据风险绩效考核指标。审计风险的控制过程也是审计的过程。注册会计师需要严格按照数据风险导向审计模式的要求执业,才能有效地分析、评估和控制信息化环境下的审计风险。
为验证数据风险导向审计模式及重大错误风险评估模型,本文选择了信息化程度比较高的被审计单位“某证券公司”的资产负债损益审计事项作了实证。结果证明,本文提出的数据风险审计导向模式及风险评估模型,在审计实践中能够帮助注册会计师较为客观地确定风险水平和领域,促进其提高审计工作效率和工作质量,风险控制效果明显。
With the rapid development of the information technology&network and the application of kinds of business, management and financial systems in the main bodies of market economy, the information trend in the audit objects (All are called the audited units) has enhanced gradually. With such a brandy-new information environment, the specific audit targets have increased, the audit objects are enlarged and methods and technique also involve IT. All these make the independent audit risk factors become even more complicated and difficult to determine with the lack of related law and audit criterion in the information environment. The audit profession is always the career with high risks. The risks not only come from the desire and requirement on high quality of audit from the whole society, but also come from the audited units with more and more degree informationization. The risks’problems are the critical difficulties for the CPAs, and comprehension and control the risks are the first jobs in the information environment for auditors.
This dissertation analyzes and discusses problems of risks’source, assassment and control deeply in the information environment of the audited units from the angle of CPAs’view by using the theory frame of traditional audit and methods of the modern risk management.
This paper begins with the analyzing the influence of information environment to the audit risks. And firstly it defines the concept and characteristics of audit risks in the environment and analyzes the mechanism of the risks’formation, which makes it clear that audit risks are unavoidable and where is the possible sourse from theory angle. Because the specific source of audit risks depends on the audit objectives, the next part of this paper is to analyze the audit specific objectives in detail and summarize the special sources of audit risks in the information environment. And then this paper puts forward the conception of“significant error risk”.
In the information environment, the accurate assessment of independent audit significant error risk is the kernel audit job. This paper applies synthetically the AHP, entropy weight method and the fuzzy method to evaluate the significant error risk by developing the assessment model of significant error risk according to its characteristics. Using this assessment model can make the determining and assessment of the audit risks more objectively.
But assessment of the audit risks is just the prerequisite of the risk control. Because the risks in the information environment is unprecedented complex and difficult to hold, independent auditors must control the audit risks and fulfill the job strictly by the guide of risk-based audit approach. The risk-based audit approach in the information environment is different from the traditional one because its key part is to detect the significant error lying in the electronic data and their information systems. So this approach is named“data-risk-based audit approach”. Next, the whole audit working flow, audit test contents and risk controlling methods are analyzed using the cases in audit practice. And the indicators of risk performance assessment are designed on basis of the materiality level. The audit process is also the risk control process. Only CPAs work strictly by this approach, can the audit risks be analyzed, assessed and controlled effectively.
At last, one Securities Company with high degree information environment is chosen as empirical verification to test the data-based-risk approach and its risk assessment model. It concludes that they are effective in determining the level and areas of the risks and can promote the effective and efficiency of the audit.
本文以被审计单位日益信息化的内外部环境为背景,选择注册会计师审计这一视角,按照传统审计理论框架和现代风险管理理论的主要分析方法,对信息化环境下独立审计风险的来源、评估与控制等问题进行了全面系统地分析和论述。
本文从信息化环境对独立审计风险的影响入手,首先界定了信息化环境下独立审计风险的概念与特征,并用经济学理论对审计风险的形成机理进行了分析,从理论角度阐述了审计风险的不可避免性和可能来源。由于审计目标决定审计风险的具体来源,本文就信息化环境下扩展的具体审计目标进行了详细解析,归纳了信息化环境下独立审计风险的特定来源,并在此基础上提出了“重大错误风险”的概念。
在信息化环境下,独立审计重大错误风险的准确评估是审计风险控制的核心内容。根据风险的特征,本文综合运用层次分析法、熵权法和模糊综合评价法,构建了信息化环境下重大错误风险的评估模型,通过对该风险的量化评估,可以更加理性的确定和评价信息化环境下的审计风险。
独立审计风险的评估仅仅是审计风险控制的前提,由于信息化环境下审计风险的空前复杂和难以把握,独立审计人员必须严格按照风险导向审计的职业要求,进行风险控制和完成审计工作。信息化环境下的风险导向审计模式与传统环境的现代风险导向审计模式不同,它以测试电子数据及信息系统的重大错误风险为核心,风险导向性更为复杂,本文将其命名为数据风险导向审计模式。通过实务中的案例全面阐释和分析了数据风险导向审计模式的主要工作流程、审计测试内容和风险控制方法,并在此基础上以重要性水平为标准设计了数据风险绩效考核指标。审计风险的控制过程也是审计的过程。注册会计师需要严格按照数据风险导向审计模式的要求执业,才能有效地分析、评估和控制信息化环境下的审计风险。
为验证数据风险导向审计模式及重大错误风险评估模型,本文选择了信息化程度比较高的被审计单位“某证券公司”的资产负债损益审计事项作了实证。结果证明,本文提出的数据风险审计导向模式及风险评估模型,在审计实践中能够帮助注册会计师较为客观地确定风险水平和领域,促进其提高审计工作效率和工作质量,风险控制效果明显。
With the rapid development of the information technology&network and the application of kinds of business, management and financial systems in the main bodies of market economy, the information trend in the audit objects (All are called the audited units) has enhanced gradually. With such a brandy-new information environment, the specific audit targets have increased, the audit objects are enlarged and methods and technique also involve IT. All these make the independent audit risk factors become even more complicated and difficult to determine with the lack of related law and audit criterion in the information environment. The audit profession is always the career with high risks. The risks not only come from the desire and requirement on high quality of audit from the whole society, but also come from the audited units with more and more degree informationization. The risks’problems are the critical difficulties for the CPAs, and comprehension and control the risks are the first jobs in the information environment for auditors.
This dissertation analyzes and discusses problems of risks’source, assassment and control deeply in the information environment of the audited units from the angle of CPAs’view by using the theory frame of traditional audit and methods of the modern risk management.
This paper begins with the analyzing the influence of information environment to the audit risks. And firstly it defines the concept and characteristics of audit risks in the environment and analyzes the mechanism of the risks’formation, which makes it clear that audit risks are unavoidable and where is the possible sourse from theory angle. Because the specific source of audit risks depends on the audit objectives, the next part of this paper is to analyze the audit specific objectives in detail and summarize the special sources of audit risks in the information environment. And then this paper puts forward the conception of“significant error risk”.
In the information environment, the accurate assessment of independent audit significant error risk is the kernel audit job. This paper applies synthetically the AHP, entropy weight method and the fuzzy method to evaluate the significant error risk by developing the assessment model of significant error risk according to its characteristics. Using this assessment model can make the determining and assessment of the audit risks more objectively.
But assessment of the audit risks is just the prerequisite of the risk control. Because the risks in the information environment is unprecedented complex and difficult to hold, independent auditors must control the audit risks and fulfill the job strictly by the guide of risk-based audit approach. The risk-based audit approach in the information environment is different from the traditional one because its key part is to detect the significant error lying in the electronic data and their information systems. So this approach is named“data-risk-based audit approach”. Next, the whole audit working flow, audit test contents and risk controlling methods are analyzed using the cases in audit practice. And the indicators of risk performance assessment are designed on basis of the materiality level. The audit process is also the risk control process. Only CPAs work strictly by this approach, can the audit risks be analyzed, assessed and controlled effectively.
At last, one Securities Company with high degree information environment is chosen as empirical verification to test the data-based-risk approach and its risk assessment model. It concludes that they are effective in determining the level and areas of the risks and can promote the effective and efficiency of the audit.
引文
1 G.D. Swash. The Information Audit. Journal of Managerial Psychology. 1997, 12(5): 312-318
2谭恒.信息化环境下企业成本管理探索.会计之友.2006, (6): 25-26
3陈婉玲,韦沛文.网络经营与网络财会条件下的审计初探.会计研究.2000, (7): 42-45
4 Soon-Yong Choi, Dale O.Stahl Andrew B.Whinston.The Economics of Electronic Commerce.张大力,刘维斌等译.电子工业出版社,2000:30-43
5 S.E. Kovar, K.G. Gurke, BR. Kovar. Consumer Responses to CPA WebTrust Assurance. Journal of Information System. 2000, (Spring):17-36
6马烈.影响审计风险的宏观环境因素.合作经济与科技.2006, (4): 62-63
7谢德明.论审计独立性理论研究的新动向.审计与经济研究.2006(1):13-16
8李君,蒋志勇.浅论网络系统对审计的影响.财会月刊.2001,(9):10
9 B.T. Pentland. Information Systems and Organizational Learning: The Social Epistemology of Organizational Knowledge Systems. Accounting, Management and Information Technologies. 1995, 5 (1):1-21
10 C. Flint, Ian A.M. Frasera, D.J. Hatherly. Business Risk Auditing: A Regressive Evolution?—A Research Note. Accounting Forum.2008, 32(6): 143-147
11曾萌.我国开展风险导向审计应注意的几个问题.财会月刊.2003, (8):51-52
12中国企业风险管理发展.中国审计教育网. www.shenji.org. 2006,6,29
13邹杰荣.信息化——审计人员的新挑战.审计与理财.2006, (5):13-14
14 T. Lord. ISACA Model Curricula 2004. International Journal of Accounting Information Systems. 2004,5 (7): 251-265
15 IFAC. Handbook of International Auditing, Assurance, and Ethics Pronouncemen-ts, Glossary Of Terms At December 2002, International Federation of Accountants. 2004:132-147
16胡春元.现代风险审计.东北财经大学出版社.2001:17-22
17 Criteria of Control Board. Guidance on Control. Canadian Institute of CharteredAccountants. 1995,(12):4-38
18 Institute of Chartered Accountants in England and Wales. Internal Control: Gu-idance for Directors on the Combined Code. 1999, 1-7
19 D. L. Green. Litigation Risk for Auditors and the Risk Society. Critical Perspecti-ves on Accounting. 1999,10(6): 339-353
20颜永廷.现代风险导向审计浅析.内蒙古科技与经济.2005, (23):81-83
21 E. Eugene Schultz. Sarbanes–Oxley—A Huge Boon to Information Security in the US. Computers & Security. 2004, 23(6): 353-354
22 AICPA. Statement on Auditing Standards No.99: Consideration of Fraud in a Financial Statement Audit, SAS 99. Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA). 2002,(10):5-25
23 IAASB. International Standard on Auditing 330 (ISA 330),“The Auditor’s Procedures in Response to Assessed Risks”. International Federation of Accountants, New York. 2003:96-114
24 IAASB. International Standard on Auditing 315 (ISA315),“Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement”. International Federation of Accountants, New York, 2003:53-96
25 Canadian Institute of Chartered Accountants (CICA). CICA Handbook-Assurance. Toronto, Canada: Canadian Institute of Chartered Accountants; 2005,(9):4-8
26 A C. Davis. Assessing Risk: AICPA’s New Risk Assessment Standards Present a Sea Change for Auditors. Accounting &Tax Periodicals. 2006,74,10(6):17
27 Anonymous. The CPA Letter. 2007 Audit Guides Being Updated for New Risk Assessment Standards. Accounting & Tax Periodicals. 2007, 87, 6(6): 14
28 C. Carnaghan. Business Process Modeling Approaches in the Context of Process Level Audit Risk Assessment: An Analysis and Comparison. International Journal of Accounting Information Systems. 2006, (7): 170-204
29 J T. Davis, A. P. Massey & Ronald E.R. Lovell II. Supporting a Complex Audit Judgment Task: An Expert Network Approach. European Journal of Operational Research. 1997, (103): 350-372
30 G. T. Friedlob, L.L.F.Schleifer. Fuzzy Logic: Application for Audit Risk and Uncertainty. Managerial Auditing Jounral.1999,14(3):127-137
31 P. Rousea, M. Putterilla, D. Ryanb. Integrated Performance Measurement Design: Insights From an Application in Aircraft Maintenance. Management Accounting Research. 2002, 13 (6): 229-248
32 Carol A. Knapp, Michael C. Knapp. The Effects of Experience and ExplicitFraud Risk Assessment in Detecting Fraud with Analytical Procedures. Accounting, Organizations and Society. 2001, (26): 25-37
33 W.R.Knechel, J. Payne. Additional Evidence on Audit Report Lags. Auditing: A Journal of Practice and Theory. 2001,20(1): 137-146
34 W.R.Knechel. The Business Risk Audit: Origins, Obstacles and Opportunities. Accounting, Organizations and Society. 2007,32(4/5): 383-408
35 W.M.Lemon, K.W.Tatum, W. S.Turley. Developments in the Audit Methodologies of Large Accounting Firms.London: ABG Publications. 2000:12-28
36 T. B.Bell, F. O.Marrs, I.Solomon, H.Thomas, Auditing Organizations Through a Strategic-Lens: The KPMG Business Measurement Process. KPMG, New York. 1997:14-63
37 M.Diane Ward. HIPAA Compliance with Novell and PricewaterhouseCoopers' Integrated Solution. The Case Manager. 2001,12(7):31
38段宏.风险导向审计模式下风险偏好的影响研究.西南交通大学博士研究生学位论文.2006,12:11-14
39 Thomas G. Calderon, John J. Cheh. A Roadmap for Future Neural Networks Research in Auditing and Risk Assessment. International Journal of Accounting Information Systems. 2002, (3): 203-236
40 W. Kwak, Y. Shi, K. Jung. Human Resource Allocation in a CPA Firm.Review of Quantitative Finance and Accounting.2003, 20(3):277-290
41 International Federation of Accountants(IFAC). Handbook of International Auditing, Assurance, and Ethics Pronouncements, 2008 Edition Part II. Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment (Redrafted). 2008(3): 115-167
42 V. P Vendrzyk, N. A. Bagranoff.The Evolving Role of IS Audit: A Field Study Comparing the Perceptions of IS and Financial Auditors. Advances in Accounting. 2003,(20): 141-163
43 Chien-Chih Yu, Hung-Chao Yu and & Chi-Chun Chou. The Impacts of Electronic Commerce on Auditing Practices: An Auditing Process Model for Evidence Collection and Validation. International Journal of Intelligent Systems in Accounting, Finance & Management. 2000, (9): 195-216
44 American Institute of Certified Public Accountants (AICPA) and CanadianInstitute of Chartered Accountants (CICA). Electronic Commerce Assurance Services Task Force. WebTrust Principles and Criteria for Business-to-Consumer Electronic Commerce. 1999, Version 1.1 (2):7-43
45 Steve G. Sutton, Clark Hampton. Risk Assessment in An Extended Enterprise Environment: Redefining the Audit Model. International Journal of Accounting Information Systems.2003, (4): 57-73
46格林斯坦·法因曼.电子商务的安全与风险管理.华夏出版社,2001:08-70
47 Yvonne L. Hinson, Dale R. Martin, Jim Brennan, and Allison Evans. Buying an eBusiness? Learn Your Audit Risks! The Journal of Corporate Accounting & Finance. 2001(1/2):37-43
48 Elliott R. 21st Century Assurance. AAA Auditing Section Mid-Year Meeting. 2001(1):12-15
49 Khazanchi D, Sutton SG. Assurance Services for Business-to-Business Electronic Commerce: A Framework and Implications. Journal of Association of Information System, 2001:1-54.
50 IFAC. Electronic Commerce Using the Internet or Other Public Networks - Effect on the Audit of Financial Statements [Proposed International Auditing Standard-International Federation of Accountants]. 2001,(10):39-83
51 IFAC. E-Business and the Accountant. International Federation of Accountants. 2002:3-5
52 L. Kwok, D.Langley. Information Security Management and Modeling. Information Management and Computer Security. 1999, 7(1): 30-40
53 D. Korvin, F. M. Shipley, Khursheed Omer MER. Assessing Risks due to Threats to Internal Control in a Computer-based Accounting Informationg System: A Pragmatic Approach Based on Fuzzy Set Theory. Intelligent Systems in Accounting, Finance and Management. 2004,(12): 139-152
54 J. Pathak, B. Chaouch, R. S. Sriram. Minimizing Cost of Continuous Audit: Counting and Time Dependent Strategies. Journal of Accounting and Public Policy. 2005, 24(1-2): 61-75
55 G. Selima, D. McNamee. The Risk Management and Internal Auditing Relationship: Developing and Validating a Model. International Journal of Auditing. 1999, (3): 159-174
56张仁寿.论审计风险模型的局限性及改进意见.广东审计.2000, (6):8-14
57周家才.试论审计风险概念及审计风险模型的重建.财经问题研究. 2002, (6): 64-67
58吕博.加入WTO对CPA意味着什么.中国财经报. 2002,9,14
59王砚书,王永生.独立审计风险模型与风险管理分析.财会月刊. 2004, (11): 39-40
60周立宁.独立审计风险的模型重构与管理行为再认识.河北师范大学学报(哲学社会科学版). 2006, (5): 43-47
61陈才涛,张岩,田治威.风险基础审计模式下的审计风险模型重建.当代经济. 2004,(9): 72-73
62高晓春,李鸿斌,高振宾.从信息学角度重建审计风险模型.审计与经济研究. 2003, (7): 19-22
63徐伟.试论风险导向审计及其在我国的运用.审计研究. 2004, (4): 64-67
64陈婉玲,杨文杰. ISACA信息系统审计准则及其启示.审计研究. 2006年增刊: 108-112
65蒋锡元.会计电算化下的审计风险与防范措施.中国管理信息化. 2006, (5): 74-75
66杨锐.浅析电子商务环境下审计风险.东北大学学报. 2003, (2): 14-20
67雷军辉.会计电算化条件下可能带来的审计风险.陕西审计. 2003, (2):2
68周新玲. IT环境下CPA的审计风险与方法措施.财会通讯. 2004, (5): 38-39
69王芬,王平心. ERP环境下CPA审计的探讨.陕西审计. 2003, (4): 28-29
70李闻一.网络经济下的审计风险与防范.湖北审计. 2001, (12): 45-46
71杨平波.网络审计的风险与防范.中国审计信息与方法. 2001, (1): 26-28
72彭轶达.网络经济条件下的审计风险及对策.中国锰业. 2003, (8): 43-45
73冯淑霞,裔传斌.计算机审计风险的成因与对策.中国管理信息化. 2006, (11): 46-47
74艾文国,朱志军. ERP环境下审计风险模型研究.哈尔滨工业大学学报(社会科学版). 2006, (5): 93-96
75姚培森,姚月新.网络经济下的审计风险模型重构.重庆工商大学学报(社会科学版). 2006,(2): 47-51
76马俊华.企业信息化及对审计风险的影响.法制与社会, 2007, (4): 367-368
77丁红燕.试析审计风险准则及其变化.会计之友. 2006, (8): 31-31
78陈力生.现代审计基础与实务.立信会计出版社. 2005: 7
79 Rich Hayes, Roger Dassen, Arnold Schilde, PhilipWallage.审计学——基于国际审计准则的视角.来明敏等译.机械工业出版社,2006:10
80刘明辉.审计与鉴证服务.高等教育出版社, 2007: 102
81 IFAC. Handbook of International Auditing, Assurance, and Ethics Prono- uncements, International Standards on Auditing 320(ISA320). Auditing materiality (AU 8025). International Federation of Accountants. 2004: 4-12
82刘实,许宁.制度导向与账表导向、风险导向审计的区别.中国审计信息与方法. 2003, (9): 30-32
83 IFAC. Evaluation of Misstatements Identified during the Audit. International Standards on Auditing 450 (Revised and Redrafted). International Federation of Accountants. 2004: 12-23
84刘三昌.系统导向审计与风险导向审计的比较及认识.财会月刊. 2001, (22): 36-37
85 R. Cameron. Modern Auditing & Assurance Service. John Wiley & Sons Australia, Ltd. 2004: 54-55
86 K. Robson, C. Humphrey, Rihab Khalifa, J. Jones. Transforming Audit Technologies: Business Risk Audit Methodologies and the Audit Weld. Accounting, Organizations and Society. 2007, (32): 409-438
87叶与宏.风险导向审计的新发展及其启示.财会通讯.2005, (9):50-51
88 P. Evelyn, D. Wright. Evidence of Fraud, Audit Risk and Audit Liability Reimes. Review of Accounting Studies. 2003, (8):105-131
89 Major Auditing Initiatives Coming to Fruition. Standard on Fraud Among The New Risk Model. www.aicpa.org.2007, 5,3
90 N. Liandu. Audit Risk in a Brave New World. American Accountant Assoication. www.acca.org. 2004,9,30
91对我国企业信息化现状分析. www. 21cn.com.2007,9,20
92 L.J. Bierstaker, P. Burnaby, J. Thibodeau. The Impact of Information Technology on the Audit Process: an Assessment of the State of the Art and Implications for the Future. Managerial Auditing Journal.2001,16(3): 159-164
93彭建平.关于计算机审计人才资源管理的思考.中国审计. 2005,(4): 51-52
94孙强.信息系统审计—安全、风险管理与控制.机械工业出版社,2003: XVII
95张金城.巧学计算机审计.中国审计出版社, 1999: 5-6
96胡晓明.信息时代的IS审计理论结构构建.中南财经政法大学学报. 2006,(3): 108-111
97高亮文.现代风险导向审计的风险概念分析.商业会计. 2006,(2): 48-49
98罗伯特. K.莫茨,侯赛因. A.夏拉夫.审计理论结构.中国商业出版社.1990:13.
99万长荣.网络审计的结构和应用中的问题.中国会计电算化, 2001,(8):16-18
100姚靠华,胡爱萍.未来审计的发展趋势:网络审计.中国管理信息化, 2005, (12): 36-38
101严定旭.计算机辅助审计要排除六个障碍.湖北审计. 2001,(4): 26-27
102任有泉.信息环境下审计项目的组织与管理.审计研究. 2006年增刊:7-9
103陈孝.现代审计功能拓展研究——概念框架与经验证据.西南财经大学博士研究生学位论文. 2006,12: 9-37
104陈力生,朱亚兵,高前善.审计风险管理研究.立信会计出版社, 2005: 9
105 J. Bierstaker, D. Janvrin, D. J. Lowe. An Examination of Factors Associated with the Type and Number of Internal Control Documentation Formats. Advances in Accounting. 2007,(23): 31-48
106傅元略,庄明来.计算机审计.上海人民出版社, 1999: 7-9
107 C. Davis. An Assessment of Accounting Information Security. CPA Journal. 1997, (3): 28-34
108 J. Korpela, A. Lehmusvaara, J. Nisonen. Warehouse Operator Selection by Combining AHP and DEA Methodologies. International Journal of Production Economics. 2007,108 (6): 135-142
109张宏亮,肖振东.基于AHP的公共环境投资项目效益审计评价指标体系的构建.审计研究. 2007, (1): 30-36
110宋华岭,王今.广义与狭义管理熵理论.管理工程学报. 2000, (1): 30
111饶盛华.网络审计中的内部控制.中国注册会计师. 2001, (4): 43-45
112肖军模,刘军,周海刚.网络信息安全.机械工业出版社, 2005: 134-136
113杨周南,赵纳晖,高宁.信息技术在会计和审计实务中的应用.清华大学出版社, 2003, 120-142
114胡克瑾. IT审计.电子工业出版社, 2003: 305-320
115龙方.浅谈网络审计的技术要素.法制与社会, 2006, (1): 116-117
116卢红柱.计算机信息系统审计的探索之路.审计研究, 2006年增刊: 18-20
117俞进福.试论信息系统审计的关键技术.闽江学院学报, 2007,(4):79-82
118周泳怡.电子数据的采集和分析初探.广东审计. 2006, (4): 36-39
119张磊,庄作钦.数据转换整理方法分析.中国审计. 2006, (18): 40-41
120石爱中,孙俭.初释数据式审计模式.审计研究. 2005, (4): 3-6
2谭恒.信息化环境下企业成本管理探索.会计之友.2006, (6): 25-26
3陈婉玲,韦沛文.网络经营与网络财会条件下的审计初探.会计研究.2000, (7): 42-45
4 Soon-Yong Choi, Dale O.Stahl Andrew B.Whinston.The Economics of Electronic Commerce.张大力,刘维斌等译.电子工业出版社,2000:30-43
5 S.E. Kovar, K.G. Gurke, BR. Kovar. Consumer Responses to CPA WebTrust Assurance. Journal of Information System. 2000, (Spring):17-36
6马烈.影响审计风险的宏观环境因素.合作经济与科技.2006, (4): 62-63
7谢德明.论审计独立性理论研究的新动向.审计与经济研究.2006(1):13-16
8李君,蒋志勇.浅论网络系统对审计的影响.财会月刊.2001,(9):10
9 B.T. Pentland. Information Systems and Organizational Learning: The Social Epistemology of Organizational Knowledge Systems. Accounting, Management and Information Technologies. 1995, 5 (1):1-21
10 C. Flint, Ian A.M. Frasera, D.J. Hatherly. Business Risk Auditing: A Regressive Evolution?—A Research Note. Accounting Forum.2008, 32(6): 143-147
11曾萌.我国开展风险导向审计应注意的几个问题.财会月刊.2003, (8):51-52
12中国企业风险管理发展.中国审计教育网. www.shenji.org. 2006,6,29
13邹杰荣.信息化——审计人员的新挑战.审计与理财.2006, (5):13-14
14 T. Lord. ISACA Model Curricula 2004. International Journal of Accounting Information Systems. 2004,5 (7): 251-265
15 IFAC. Handbook of International Auditing, Assurance, and Ethics Pronouncemen-ts, Glossary Of Terms At December 2002, International Federation of Accountants. 2004:132-147
16胡春元.现代风险审计.东北财经大学出版社.2001:17-22
17 Criteria of Control Board. Guidance on Control. Canadian Institute of CharteredAccountants. 1995,(12):4-38
18 Institute of Chartered Accountants in England and Wales. Internal Control: Gu-idance for Directors on the Combined Code. 1999, 1-7
19 D. L. Green. Litigation Risk for Auditors and the Risk Society. Critical Perspecti-ves on Accounting. 1999,10(6): 339-353
20颜永廷.现代风险导向审计浅析.内蒙古科技与经济.2005, (23):81-83
21 E. Eugene Schultz. Sarbanes–Oxley—A Huge Boon to Information Security in the US. Computers & Security. 2004, 23(6): 353-354
22 AICPA. Statement on Auditing Standards No.99: Consideration of Fraud in a Financial Statement Audit, SAS 99. Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA). 2002,(10):5-25
23 IAASB. International Standard on Auditing 330 (ISA 330),“The Auditor’s Procedures in Response to Assessed Risks”. International Federation of Accountants, New York. 2003:96-114
24 IAASB. International Standard on Auditing 315 (ISA315),“Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement”. International Federation of Accountants, New York, 2003:53-96
25 Canadian Institute of Chartered Accountants (CICA). CICA Handbook-Assurance. Toronto, Canada: Canadian Institute of Chartered Accountants; 2005,(9):4-8
26 A C. Davis. Assessing Risk: AICPA’s New Risk Assessment Standards Present a Sea Change for Auditors. Accounting &Tax Periodicals. 2006,74,10(6):17
27 Anonymous. The CPA Letter. 2007 Audit Guides Being Updated for New Risk Assessment Standards. Accounting & Tax Periodicals. 2007, 87, 6(6): 14
28 C. Carnaghan. Business Process Modeling Approaches in the Context of Process Level Audit Risk Assessment: An Analysis and Comparison. International Journal of Accounting Information Systems. 2006, (7): 170-204
29 J T. Davis, A. P. Massey & Ronald E.R. Lovell II. Supporting a Complex Audit Judgment Task: An Expert Network Approach. European Journal of Operational Research. 1997, (103): 350-372
30 G. T. Friedlob, L.L.F.Schleifer. Fuzzy Logic: Application for Audit Risk and Uncertainty. Managerial Auditing Jounral.1999,14(3):127-137
31 P. Rousea, M. Putterilla, D. Ryanb. Integrated Performance Measurement Design: Insights From an Application in Aircraft Maintenance. Management Accounting Research. 2002, 13 (6): 229-248
32 Carol A. Knapp, Michael C. Knapp. The Effects of Experience and ExplicitFraud Risk Assessment in Detecting Fraud with Analytical Procedures. Accounting, Organizations and Society. 2001, (26): 25-37
33 W.R.Knechel, J. Payne. Additional Evidence on Audit Report Lags. Auditing: A Journal of Practice and Theory. 2001,20(1): 137-146
34 W.R.Knechel. The Business Risk Audit: Origins, Obstacles and Opportunities. Accounting, Organizations and Society. 2007,32(4/5): 383-408
35 W.M.Lemon, K.W.Tatum, W. S.Turley. Developments in the Audit Methodologies of Large Accounting Firms.London: ABG Publications. 2000:12-28
36 T. B.Bell, F. O.Marrs, I.Solomon, H.Thomas, Auditing Organizations Through a Strategic-Lens: The KPMG Business Measurement Process. KPMG, New York. 1997:14-63
37 M.Diane Ward. HIPAA Compliance with Novell and PricewaterhouseCoopers' Integrated Solution. The Case Manager. 2001,12(7):31
38段宏.风险导向审计模式下风险偏好的影响研究.西南交通大学博士研究生学位论文.2006,12:11-14
39 Thomas G. Calderon, John J. Cheh. A Roadmap for Future Neural Networks Research in Auditing and Risk Assessment. International Journal of Accounting Information Systems. 2002, (3): 203-236
40 W. Kwak, Y. Shi, K. Jung. Human Resource Allocation in a CPA Firm.Review of Quantitative Finance and Accounting.2003, 20(3):277-290
41 International Federation of Accountants(IFAC). Handbook of International Auditing, Assurance, and Ethics Pronouncements, 2008 Edition Part II. Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment (Redrafted). 2008(3): 115-167
42 V. P Vendrzyk, N. A. Bagranoff.The Evolving Role of IS Audit: A Field Study Comparing the Perceptions of IS and Financial Auditors. Advances in Accounting. 2003,(20): 141-163
43 Chien-Chih Yu, Hung-Chao Yu and & Chi-Chun Chou. The Impacts of Electronic Commerce on Auditing Practices: An Auditing Process Model for Evidence Collection and Validation. International Journal of Intelligent Systems in Accounting, Finance & Management. 2000, (9): 195-216
44 American Institute of Certified Public Accountants (AICPA) and CanadianInstitute of Chartered Accountants (CICA). Electronic Commerce Assurance Services Task Force. WebTrust Principles and Criteria for Business-to-Consumer Electronic Commerce. 1999, Version 1.1 (2):7-43
45 Steve G. Sutton, Clark Hampton. Risk Assessment in An Extended Enterprise Environment: Redefining the Audit Model. International Journal of Accounting Information Systems.2003, (4): 57-73
46格林斯坦·法因曼.电子商务的安全与风险管理.华夏出版社,2001:08-70
47 Yvonne L. Hinson, Dale R. Martin, Jim Brennan, and Allison Evans. Buying an eBusiness? Learn Your Audit Risks! The Journal of Corporate Accounting & Finance. 2001(1/2):37-43
48 Elliott R. 21st Century Assurance. AAA Auditing Section Mid-Year Meeting. 2001(1):12-15
49 Khazanchi D, Sutton SG. Assurance Services for Business-to-Business Electronic Commerce: A Framework and Implications. Journal of Association of Information System, 2001:1-54.
50 IFAC. Electronic Commerce Using the Internet or Other Public Networks - Effect on the Audit of Financial Statements [Proposed International Auditing Standard-International Federation of Accountants]. 2001,(10):39-83
51 IFAC. E-Business and the Accountant. International Federation of Accountants. 2002:3-5
52 L. Kwok, D.Langley. Information Security Management and Modeling. Information Management and Computer Security. 1999, 7(1): 30-40
53 D. Korvin, F. M. Shipley, Khursheed Omer MER. Assessing Risks due to Threats to Internal Control in a Computer-based Accounting Informationg System: A Pragmatic Approach Based on Fuzzy Set Theory. Intelligent Systems in Accounting, Finance and Management. 2004,(12): 139-152
54 J. Pathak, B. Chaouch, R. S. Sriram. Minimizing Cost of Continuous Audit: Counting and Time Dependent Strategies. Journal of Accounting and Public Policy. 2005, 24(1-2): 61-75
55 G. Selima, D. McNamee. The Risk Management and Internal Auditing Relationship: Developing and Validating a Model. International Journal of Auditing. 1999, (3): 159-174
56张仁寿.论审计风险模型的局限性及改进意见.广东审计.2000, (6):8-14
57周家才.试论审计风险概念及审计风险模型的重建.财经问题研究. 2002, (6): 64-67
58吕博.加入WTO对CPA意味着什么.中国财经报. 2002,9,14
59王砚书,王永生.独立审计风险模型与风险管理分析.财会月刊. 2004, (11): 39-40
60周立宁.独立审计风险的模型重构与管理行为再认识.河北师范大学学报(哲学社会科学版). 2006, (5): 43-47
61陈才涛,张岩,田治威.风险基础审计模式下的审计风险模型重建.当代经济. 2004,(9): 72-73
62高晓春,李鸿斌,高振宾.从信息学角度重建审计风险模型.审计与经济研究. 2003, (7): 19-22
63徐伟.试论风险导向审计及其在我国的运用.审计研究. 2004, (4): 64-67
64陈婉玲,杨文杰. ISACA信息系统审计准则及其启示.审计研究. 2006年增刊: 108-112
65蒋锡元.会计电算化下的审计风险与防范措施.中国管理信息化. 2006, (5): 74-75
66杨锐.浅析电子商务环境下审计风险.东北大学学报. 2003, (2): 14-20
67雷军辉.会计电算化条件下可能带来的审计风险.陕西审计. 2003, (2):2
68周新玲. IT环境下CPA的审计风险与方法措施.财会通讯. 2004, (5): 38-39
69王芬,王平心. ERP环境下CPA审计的探讨.陕西审计. 2003, (4): 28-29
70李闻一.网络经济下的审计风险与防范.湖北审计. 2001, (12): 45-46
71杨平波.网络审计的风险与防范.中国审计信息与方法. 2001, (1): 26-28
72彭轶达.网络经济条件下的审计风险及对策.中国锰业. 2003, (8): 43-45
73冯淑霞,裔传斌.计算机审计风险的成因与对策.中国管理信息化. 2006, (11): 46-47
74艾文国,朱志军. ERP环境下审计风险模型研究.哈尔滨工业大学学报(社会科学版). 2006, (5): 93-96
75姚培森,姚月新.网络经济下的审计风险模型重构.重庆工商大学学报(社会科学版). 2006,(2): 47-51
76马俊华.企业信息化及对审计风险的影响.法制与社会, 2007, (4): 367-368
77丁红燕.试析审计风险准则及其变化.会计之友. 2006, (8): 31-31
78陈力生.现代审计基础与实务.立信会计出版社. 2005: 7
79 Rich Hayes, Roger Dassen, Arnold Schilde, PhilipWallage.审计学——基于国际审计准则的视角.来明敏等译.机械工业出版社,2006:10
80刘明辉.审计与鉴证服务.高等教育出版社, 2007: 102
81 IFAC. Handbook of International Auditing, Assurance, and Ethics Prono- uncements, International Standards on Auditing 320(ISA320). Auditing materiality (AU 8025). International Federation of Accountants. 2004: 4-12
82刘实,许宁.制度导向与账表导向、风险导向审计的区别.中国审计信息与方法. 2003, (9): 30-32
83 IFAC. Evaluation of Misstatements Identified during the Audit. International Standards on Auditing 450 (Revised and Redrafted). International Federation of Accountants. 2004: 12-23
84刘三昌.系统导向审计与风险导向审计的比较及认识.财会月刊. 2001, (22): 36-37
85 R. Cameron. Modern Auditing & Assurance Service. John Wiley & Sons Australia, Ltd. 2004: 54-55
86 K. Robson, C. Humphrey, Rihab Khalifa, J. Jones. Transforming Audit Technologies: Business Risk Audit Methodologies and the Audit Weld. Accounting, Organizations and Society. 2007, (32): 409-438
87叶与宏.风险导向审计的新发展及其启示.财会通讯.2005, (9):50-51
88 P. Evelyn, D. Wright. Evidence of Fraud, Audit Risk and Audit Liability Reimes. Review of Accounting Studies. 2003, (8):105-131
89 Major Auditing Initiatives Coming to Fruition. Standard on Fraud Among The New Risk Model. www.aicpa.org.2007, 5,3
90 N. Liandu. Audit Risk in a Brave New World. American Accountant Assoication. www.acca.org. 2004,9,30
91对我国企业信息化现状分析. www. 21cn.com.2007,9,20
92 L.J. Bierstaker, P. Burnaby, J. Thibodeau. The Impact of Information Technology on the Audit Process: an Assessment of the State of the Art and Implications for the Future. Managerial Auditing Journal.2001,16(3): 159-164
93彭建平.关于计算机审计人才资源管理的思考.中国审计. 2005,(4): 51-52
94孙强.信息系统审计—安全、风险管理与控制.机械工业出版社,2003: XVII
95张金城.巧学计算机审计.中国审计出版社, 1999: 5-6
96胡晓明.信息时代的IS审计理论结构构建.中南财经政法大学学报. 2006,(3): 108-111
97高亮文.现代风险导向审计的风险概念分析.商业会计. 2006,(2): 48-49
98罗伯特. K.莫茨,侯赛因. A.夏拉夫.审计理论结构.中国商业出版社.1990:13.
99万长荣.网络审计的结构和应用中的问题.中国会计电算化, 2001,(8):16-18
100姚靠华,胡爱萍.未来审计的发展趋势:网络审计.中国管理信息化, 2005, (12): 36-38
101严定旭.计算机辅助审计要排除六个障碍.湖北审计. 2001,(4): 26-27
102任有泉.信息环境下审计项目的组织与管理.审计研究. 2006年增刊:7-9
103陈孝.现代审计功能拓展研究——概念框架与经验证据.西南财经大学博士研究生学位论文. 2006,12: 9-37
104陈力生,朱亚兵,高前善.审计风险管理研究.立信会计出版社, 2005: 9
105 J. Bierstaker, D. Janvrin, D. J. Lowe. An Examination of Factors Associated with the Type and Number of Internal Control Documentation Formats. Advances in Accounting. 2007,(23): 31-48
106傅元略,庄明来.计算机审计.上海人民出版社, 1999: 7-9
107 C. Davis. An Assessment of Accounting Information Security. CPA Journal. 1997, (3): 28-34
108 J. Korpela, A. Lehmusvaara, J. Nisonen. Warehouse Operator Selection by Combining AHP and DEA Methodologies. International Journal of Production Economics. 2007,108 (6): 135-142
109张宏亮,肖振东.基于AHP的公共环境投资项目效益审计评价指标体系的构建.审计研究. 2007, (1): 30-36
110宋华岭,王今.广义与狭义管理熵理论.管理工程学报. 2000, (1): 30
111饶盛华.网络审计中的内部控制.中国注册会计师. 2001, (4): 43-45
112肖军模,刘军,周海刚.网络信息安全.机械工业出版社, 2005: 134-136
113杨周南,赵纳晖,高宁.信息技术在会计和审计实务中的应用.清华大学出版社, 2003, 120-142
114胡克瑾. IT审计.电子工业出版社, 2003: 305-320
115龙方.浅谈网络审计的技术要素.法制与社会, 2006, (1): 116-117
116卢红柱.计算机信息系统审计的探索之路.审计研究, 2006年增刊: 18-20
117俞进福.试论信息系统审计的关键技术.闽江学院学报, 2007,(4):79-82
118周泳怡.电子数据的采集和分析初探.广东审计. 2006, (4): 36-39
119张磊,庄作钦.数据转换整理方法分析.中国审计. 2006, (18): 40-41
120石爱中,孙俭.初释数据式审计模式.审计研究. 2005, (4): 3-6