政大機構典藏-National Chengchi University Institutional Repository(NCCUR):Item 140.119/118753
English  |  正體中文  |  简体中文  |  Post-Print筆數 : 27 |  全文笔数/总笔数 : 113325/144300 (79%)
造访人次 : 51190287      在线人数 : 908
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜寻范围 查询小技巧:
  • 您可在西文检索词汇前后加上"双引号",以获取较精准的检索结果
  • 若欲以作者姓名搜寻,建议至进阶搜寻限定作者字段,可获得较完整数据
  • 进阶搜寻
    政大機構典藏 > 商學院 > 會計學系 > 學位論文 >  Item 140.119/118753


    请使用永久网址来引用或连结此文件: https://nccur.lib.nccu.edu.tw/handle/140.119/118753


    题名: 銀行業關鍵查核事項之決策─以IT風險為例
    The decision making of key audit matters in banking industry: focusing on IT risk
    作者: 陳亮宇
    Chen, Liang-Yu
    贡献者: 馬秀如
    陳亮宇
    Chen, Liang-Yu
    关键词: 關鍵查核事項
    銀行業
    資訊科技風險
    決策品質
    Key audit matters
    Banking industry
    IT risk
    Quality of decision-making
    日期: 2018
    上传时间: 2018-07-19 17:24:30 (UTC+8)
    摘要: 國際組織革新審計規範,要求會計師透過揭露受查企業的關鍵查核事項(Key Audit Matters,簡稱KAM),使每份查核報告有所不同,提升其價值。
    目前,企業面臨的經營環境與以往不同,資訊科技(Information Technology,簡稱IT)風險提高,企業中的銀行業尤然,惟銀行過去適用的風險管理框架似已不足支應。因此,銀行查核會計師於KAM中納入與IT風險相關之事項,提高溝通的品質,似理所當然。然而,實際情況果真如此?
    過去探討KAM的研究,固然為數不少,但結論不一,有者認為KAM有用,有者卻發現其無用。前者研究使用之KAM充滿理想性,與真實情況有落差,所作「KAM有價值」之結論,不足為奇;後者研究使用真實KAM,惟真實KAM缺失甚多,若以其作為探討標的,研究限制過大。因此,本研究歸納國內外共73份會計師查核報告及4起發生IT損失的事項,分析KAM之揭露情形,指出其可改善的方向。
    本研究發現:查核本國銀行的會計師將IT風險事項納入KAM者,不及外國銀行的查核會計師。查核本國銀行的會計師,即使係將IT風險事項納入KAM者,其報告之品質不及查核外國銀行會計師。該等KAM決策可改善之處,有:在關注IT風險對受查者影響重大之層面時,應以影響深且廣泛的IT控制為主,某個財務報表項目僅係受IT控制影響的層面之一;將KAM索引至受查者相關揭露時,應考量相關揭露對預期使用者了解IT風險之攸關性;提醒預期使用者注意IT風險事項之關鍵層面時,應明確指出關鍵層面為何,避免敘述過度空泛;說明會計師作成的KAM決策時,應確實幫助使用者深入洞察其理由;應將KAM連結至受查者特定情況,或說明會計師之主要考量,以凸顯該KAM客製化程度。
    International organizations have reformed the auditing standards and required auditors to disclose the key auditing matters (KAM) to make each audit report different and enhance its value.
    At present, the information technology (IT) risks faced by enterprises keep rising, especially in the banking industry. The framework of risk management used by banks in the past seems to be insufficient. Therefore, it seems natural for auditors to include IT-related issues in KAM and improve the quality of communication. However, what about the actual situations?
    In the past, there were tons of studies about KAM, but the conclusions were so different. Some of them found KAM useful, while others found it useless. The KAMs used in the former studies were too ideal, so that there was a gap between the actual situations and their conclusions. The latter studies used real KAMs. But there were many deficiencies in real KAMs; it is too restrictive to use them for the study. Therefore, this study analyzed the disclosures of KAMs in 73 audit reports at home and abroad as well as 4 cases to point out how they can be improved.
    This study found that: the proportion of domestic auditors who incorporate IT risk-related matters into KAM is less than that of foreign ones. Even though those matters related to IT risks are already included in KAM, the quality of communication of domestic auditors’ is still not as good as that of foreign ones. Those decisions of KAM can be improved in the following ways. When focusing on the impact points of IT risks, auditors should put more emphasis on the IT controls which cause deeper and more extensive impacts than components of the financial statement. When making a reference to related disclosures, auditors should consider whether it can provide relevance to users for helping them to understand IT risks. When reminding users to pay attention to the key aspects of the IT risks, auditors should avoid vague and general narratives and clearly point out the key aspects. When providing users insights of decisions of KAM, auditors should indeed help users to go deep into the reasons. When linking the KAM to the specific circumstances of the client, or when referring to the auditors’ principal considerations, auditors should enhance the degree of customization of the KAM.
    參考文獻: 一、中文文獻
    陳志誠、林淑瓊、李興漢、許派立,2009,資訊資產分類與風險評鑑之研究:以銀行業為例,資訊管理學報,第16卷第3期:55-84。
    張大成,2002,新版巴賽爾協定:過去、現在與未來,存款保險資訊季刊,第16卷第2期,87-132。
    張修齊,2003,從新巴塞爾資本協定看作業風險管理,台灣金融財季刊,第4輯第1期,55-77。
    黃明達、曾淑惠,2003,以ISO27001為基礎評估銀行業的資訊安全環境,資訊管理展望,第5卷第2期,31-50。
    黃國源、方順逸,2017,台灣首次適用「關鍵查核事項」之探討,貨幣觀測與信用評等,第127期,51-64。
    聞美晴,2015,資訊安全管理系統ISO27001:2013與ISO27001:2005差異說明,金融聯合徵信,第26期,20-24。
    樊國楨,2002,資通安全專輯之五:資訊安全風險管理,台北市:行政院國家實驗研究院科學資料中心。
    二、英文文獻
    Allen, L., & T. G. Bali. 2007. Cyclicality in Catastrophic and Operational Risk Measurements. Journal of Banking and Finance. 31 (4): 1191-1235.
    Ali, M. A., B. Arief, M. Emms, & A. van Moorsel. 2017. Does the online card payment landscape unwittingly facilitate fraud? IEEE Security & Privacy. 15 (2): 78-86.
    Chau, J. 2005. Skimming the technical and legal aspects of ISO27001 can give a false sense of security. Computer Fraud & Security. 2005 (9): 8-10.
    Chernobai, A. S., S. T. Rachev, & F. J. Fabozzi. 2007. Operational Risk: A Guide to Basel II Capital Requirements, Models, and Analysis. Canada:John Wiley & Sons, Inc.
    Christensen, B. E., S. M. Glover, & C. J. Wolfe. 2014. Do Critical Audit Matter Paragraphs in the Audit Report Change Nonprofessional Investors` Decision to Invest? AUDITING: A Journal of Practice & Theory. 33 (4): 71-93.
    Cordoş, G. S., & M. T. Fülöpa. 2015. Understanding audit reporting changes: introduction of Key Audit Matters. Accounting & Management Information Systems. 14 (1): 128-152.
    Financial Reporting Council. 2015. Extended Auditor’s Reports: A review of experience in the first year. London, UK.
    Financial Reporting Council. 2016a. Extended Auditor’s Reports: A Further Review of Experience. London, UK.
    Granova, A., & J. Eloff. 2004. Online banking and identity theft: who carries the risk? Computer Fraud & Security. 2004 (11): 7-11.
    Gutierrez, E., M. Minutti-Meza, K. W. Tatum, & M. Vulcheva. 2018. Consequences of Adopting an Expanded Auditor`s Report in the United Kingdom. Available at SSRN: https://ssrn.com/abstract=2741174
    International Auditing and Assurance Standards Board (IAASB). 2015a. International Standard on Auditing 700 (Revised) Forming an Opinion and Reporting on Financial Statements.
    International Auditing and Assurance Standards Board (IAASB). 2015b. International Standard on Auditing 701 Communicating key audit matters in the independent auditor’s report.
    Information Systems Audit and Control Association (ISACA). 2009. The Risk IT Framework.
    Kachelmeier, S. J., J. J. Schmidt, & K. Valentine. 2018. Do Critical Audit Matter Disclosures Protect Auditors By Forewarning Users of Misstatement Risk? Available at SSRN: https://ssrn.com/abstract=2481284
    Kelsey, B., M. M. Doxey, J. H. Grenier, & A. Reffett. 2016. Risk Disclosure Preceding Negative Outcomes: The Effects of Reporting Critical Audit Matters on Judgments of Auditor Liability. The Accounting Review. 91 (5): 1345-1362.
    Köhler, A., N. V. Ratzinger-Sakel, & T. Jochen. 2016. The Effects of Key Audit Matters on the Auditor`s Report`s Communicative Value: Experimental Evidence from Investment Professionals and Non-Professional Investors. Available at SSRN: https://ssrn.com/abstract=2838162
    Lanzl, S. 2002. Determining worthwhile IT security efforts. Pulp & Paper. 76(1): 25-26.
    Lennox, C. S., J. J. Schmidt, & A. Thompson. 2018. Is the Expanded Model of Audit Reporting Informative to Investors? Evidence from the U.K. Available at SSRN: https://ssrn.com/abstract=2619785
    Marshall, C. & L. Lisa. 2000. Measuring & Managing Operational Risks in Financial Institutions: Tools, Techniques & Other Resources. New York:John Wiley & Sons, Inc.
    Sirois, L. P., J. Bédard, & P. Bera. 2017. The Informational Value of Key Audit Matters in the Auditor’s Report: Evidence from an Eye-tracking Study. Accounting Horizons. Available at SSRN: https://ssrn.com/abstract=2469905
    描述: 碩士
    國立政治大學
    會計學系
    105353008
    資料來源: http://thesis.lib.nccu.edu.tw/record/#G0105353008
    数据类型: thesis
    DOI: 10.6814/THE.NCCU.ACCT.029.2018.F07
    显示于类别:[會計學系] 學位論文

    文件中的档案:

    没有与此文件相关的档案.



    在政大典藏中所有的数据项都受到原著作权保护.


    社群 sharing

    著作權政策宣告 Copyright Announcement
    1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
    The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

    2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
    NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 回馈