Please use this Handle URI to cite this document:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/22042

Full metadata record

| DC Field | Value | Language |
|---|---|---|
| dc.contributor.advisor | 郭瑞祥 | |
| dc.contributor.author | Chung-Kai Teng | en |
| dc.contributor.author | 鄧中凱 | zh_TW |
| dc.date.accessioned | 2021-06-08T03:59:26Z | - |
| dc.date.copyright | 2021-02-22 | |
| dc.date.issued | 2020 | |
| dc.date.submitted | 2020-12-02 | |
| dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/22042 | - |
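| dc.description.abstract | In recent years, as the information technology environment has kept changing and network applications have become widespread and developed rapidly, both the economy and society have undergone structural change. E-commerce, social commerce, and online and offline consumer behavior have all changed markedly. This has created many new business opportunities and business models for enterprises, but it has also brought risks and threats that are faster-moving, less predictable and more uncertain than before. For today's business operations and development, the information risk and information security challenges facing organizations have become increasingly severe, adding more variables of uncertainty and complexity and bringing more crises. Issues such as information security, privacy protection and forms of digital crime in particular have become the key issues that organizations must face first. Detecting and managing operational information risk requires a clear and pragmatic information risk control strategy and security management mechanism, which is especially important for enterprises engaged in online-offline integration. The purpose of this research is to develop internal control, audit and risk management mechanisms for enterprise information, so that business operations and information risk stay within a controllable range. As the information environment advances, complexity keeps rising and the need for risk control and auditing of information systems grows by the day; the accuracy of data and the control of information risk directly or indirectly affect the accuracy and reliability of financial statement information, and enterprises treat them as a top priority. Managers therefore need to watch at all times for risks surrounding the enterprise externally or hidden inside the organization, and establish complete mechanisms and systems for information crisis handling, detection and prevention, early warning, audit and control. By reviewing literature on information risk, internal control management and strategic planning, together with practice, this research aims to propose a strategic planning approach and model suited to enterprise information internal control and information security, and to use case examples to verify the feasibility and suitability of the proposed information internal control, strategic planning and construction process. In addition to the literature review, this research collects expert opinions, emphasizes the experts' audit perspective, and draws on information technology audit and risk control models. It divides information risk by type into internal and external risk, establishes information risk pressure dimensions, analyzes the information risk results, and develops processes and methods for information internal control and information security audit, in order to plan an executable program for enterprise information internal control and information security policy. Through case studies, it examines how the case companies, when facing complex information internal control and security issues, follow the planning and construction process proposed in the research framework to identify the internal priority measures for information risk management and to plan and implement information internal control and information security policy within the enterprise; this verifies the applicability of information risk control and management and helps enterprises build a structure for practical application that ensures the effectiveness of information risk management. As information risk and information security threats grow by the day, organizations need a methodology to follow in order to plan information internal control and information security policy quickly and appropriately. The specific contribution of this research, for environments centered on e-commerce, social commerce, online consumption or digital transactions, is to summarize and analyze past literature on the basis of information system internal control standards and to construct an information system internal control, information security architecture and information risk assessment mechanism. The cases demonstrate the practicality of the mechanism, allowing enterprises to carry out internal control of information systems precisely while evaluating the performance of the control mechanism, thereby verifying the feasibility of applying the resulting audit mechanism to internal control audits. The results can strengthen research knowledge in academia and serve as a reference for later researchers or practitioners implementing enterprise risk management, internal control audits and information security policy planning in Internet or digital-transaction-centered environments. | zh_TW |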
| dc.description.abstract | In recent years, information technology has been continuously changing. With the popularity and rapid development of mobile applications, the economy and society have undergone structural changes. Significant changes in e-commerce, community commerce, and online/offline consumer behavior have created new business opportunities and business models for many companies, but have also brought more unpredictable risks and threats of uncertainty. In terms of business development, information technology risks and information security challenges have become more and more serious, adding even more uncertainty, complexity, and crises to the company. In particular, information security and privacy protection issues such as digital fraud or crime have become key issues that trouble businesses today. Therefore, businesses urgently need information risk detection, an information control strategy, and an information security management mechanism to deal with them, especially enterprises engaged in online/offline integration. The purpose of this research is to develop internal control, audit, and risk management mechanisms for corporations, to ensure that operations and information risks are within control. Because information technology is growing fast, the complexity of information systems, and the need for risk control and auditing of them, are increasing. Data accuracy and information risk control directly or indirectly affect the accuracy and reliability of financial statements, and this is considered the top priority of the enterprise. Therefore, management needs to pay attention to the risks surrounding the enterprise externally or internally and to establish a complete mechanism for information system control, such as crisis detection, prevention, warning, audit, and control, to deal with them. This research aims to study relevant articles on information security, risk management, and strategic planning, together with practice, to propose strategic planning and models consistent with the application of corporate information internal control and information security, and to combine these with a case study to verify the feasibility and suitability of the research proposal. In addition to the literature, the research summarizes expert opinion and information system auditing perspectives in combination with information technology audit and risk control models. It distinguishes internal and external information risk to establish an information risk pressure factor, and analyzes information risk results to develop a process or method of information internal control and information security audit, in order to plan a suitable solution for enterprise information internal control and information security strategy. Through the case study, it discusses information internal control and security issues, and how to follow the strategic plan and process to set priorities and implement them in the company, in order to verify the applicability and effectiveness of information risk control and security management. With the increase in information security risks and threats, organizations must have a methodology to follow and an appropriate plan for information internal control and information security strategies in response. The contribution of this research is to summarize and analyze past literature based on information system internal control, targeted at e-commerce, community commerce, or digitized transaction environments. Through the information security architecture and information risk assessment mechanism, the case study allows the company to carry out internal control of the information system accurately, to evaluate the performance of the control mechanism, and to verify the result in the audit. The research results can be used by academia to strengthen research knowledge, or by follow-up researchers and practitioners in risk management, internal control audit, or information security strategy planning for enterprises whose core environment is the Internet or digital transactions. | en |
| dc.description.provenance | Made available in DSpace on 2021-06-08T03:59:26Z (GMT). No. of bitstreams: 1 U0001-3011202013494100.pdf: 3284475 bytes, checksum: 7a3ce1dbe20656df28064632c0844d61 (MD5) Previous issue date: 2020 | en |
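| dc.description.tableofcontents | Contents: Acknowledgements; Chinese Abstract; Thesis Abstract; Table of Contents; List of Figures; List of Tables. Chapter 1, Introduction: Section 1, Research Background; Section 2, Research Motivation; Section 3, Research Purpose; Section 4, Thesis Structure. Chapter 2, Literature Review and Related Theory: Section 1, Importance of Information Risk; Section 2, Information Technology Control Mechanisms; Section 3, Scope of Information Security Implementation; Section 4, Definition and Planning of Strategy; Section 5, Application of Analysis and Planning Tools. Chapter 3, Research Framework, Design and Methods: Section 1, Research Framework; Section 2, Research Design; Section 3, Research Methods. Chapter 4, Data Analysis and Discussion: Section 1, Data Analysis; Section 2, Feasibility Discussion. Chapter 5, Case Analysis and Study: Section 1, Summary of Case Companies; Section 2, Company F Profile and Analysis of Results; Section 3, Company M Profile and Analysis of Results; Section 4, Company N Profile and Analysis of Results. Chapter 6, Conclusions, Contributions, Limitations and Recommendations: Section 1, Research Conclusions; Section 2, Research Contributions; Section 3, Research Limitations; Section 4, Research Recommendations. References: I. Chinese; II. English; III. Web Pages. List of Figures: Figure 1-1, Thesis structure; Figure 2-1, Focus areas of information technology governance (ITG); Figure 2-2, Effective information control system; Figure 2-3, Methods and process of information risk control; Figure 2-4, Process and framework of strategic planning; Figure 2-5, PEST analysis; Figure 2-6, SWOT analysis; Figure 3-1, Research framework; Figure 3-2, Pillars of business operations; Figure 3-3, Strategic planning process; Figure 3-4, Construction process for information risk and internal control management strategy; Figure 3-5, Planning and construction process for information risk and internal control management strategy combined with the operational foundation; Figure 3-6, Main sources of information risk and internal control management threats to organizations; Figure 3-7, Analysis of current information risk (TW-HTMS); Figure 3-8, EP-HTMS response strategy planning model; Figure 3-9, Strategy planning model for organizational information risk and internal control management; Figure 3-10, Research strategy; Figure 4-1, Survey and assessment process for case companies. List of Tables: Table 1-1, Research process; Table 3-1, Audit and internal control assessment form; Table 3-2, Information risk pressure source assessment form; Table 4-1, Data collection status of the two survey assessments; Table 4-2, Views of each field on the importance of information risk categories; Table 4-3, Business items and operating overview of case companies; Table 4-4, Capability Maturity Model Integration (CMMI) judgment table for internal control effectiveness; Table 4-5, Information risk and internal control management maturity assessment of case companies; Table 5-1, Enterprise information risk assessment of case companies | |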
| dc.language.iso | zh-TW | |
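| dc.subject | Information Technology Integrated Control (ITGC) | zh_TW |
| dc.subject | Electronic Commerce (EC) | zh_TW |
| dc.subject | Information Security (IS) | zh_TW |
| dc.subject | Information Auditing (IA) | zh_TW |
| dc.subject | Information Risk Management (IRM) | zh_TW |
| dc.subject | Information Technology Governance (ITG) | zh_TW |
| dc.subject | Segregation of Duties (SOD) | zh_TW |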
| dc.subject | Information Security (IS) | en |
| dc.subject | Segregation of Duties (SOD) | en |
| dc.subject | Information Technology Governance (ITG) | en |
| dc.subject | Information Risk Management (IRM) | en |
| dc.subject | Information Auditing (IA) | en |
| dc.subject | Electronic Commerce (EC) | en |
| dc.subject | Information Technology Integrated Control (ITGC) | en |
| dc.title | Research on Information Risk and Internal Control Management Mechanism of E-commerce Enterprises | zh_TW |
| dc.title | Research on Information Risk and Internal Control Management Mechanism of E-commerce Enterprises | en |
| dc.type | Thesis | |
| dc.date.schoolyear | 109-1 | |
| dc.description.degree | Master's | |
| dc.contributor.oralexamcommittee | 陳家麟,陳超,張成洪 | |
| dc.subject.keyword | Electronic Commerce (EC), Information Security (IS), Information Auditing (IA), Information Risk Management (IRM), Information Technology Governance (ITG), Segregation of Duties (SOD), Information Technology Integrated Control (ITGC) | zh_TW |
| dc.subject.keyword | Electronic Commerce (EC), Information Security (IS), Information Auditing (IA), Information Risk Management (IRM), Information Technology Governance (ITG), Segregation of Duties (SOD), Information Technology Integrated Control (ITGC) | en |
| dc.relation.page | 121 | |
| dc.identifier.doi | 10.6342/NTU202004376 | |
| dc.rights.note | Not authorized | |
| dc.date.accepted | 2020-12-02 | |
| dc.contributor.author-college | College of Management | zh_TW |
| dc.contributor.author-dept | NTU-Fudan EMBA Offshore Program | zh_TW |
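
Appears in Collections: NTU-Fudan EMBA Offshore Program

Files in This Item:

| File | Size | Format | |
|---|---|---|---|
| U0001-3011202013494100.pdf (not authorized for public access) | 3.21 MB | Adobe PDF | |

Items in the system are protected by copyright, with all rights reserved, unless their copyright terms are otherwise indicated.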
