Based On The COSO & COBIT Enterprise Informationization Risk Management Research

Enterprise informatization construction brings a qualitative leap for the quality of enterprise management and the economic benefits . More and more enterprises believed that through the Enterprise informatization construction to obtain the comparison competitive advantages of enterprises . However, in the information construction process, accompanied by huge risks. if the subsequent risk be neglected or indulged , and it will bring great loss. Therefore, people need to rational rather than empirical face to the Enterprise informatization construction process which with the high risk and failure rate.After the study of abundant literatures , found that, in the theory research there are seldom fruit from the angle of risk management for enterprise informationization. In practice, most of the enterprise informationization in our country is the project for drive, rather than the goal driven, lack of long-term strategic planning. Our enterprise informationization risk control to the theoretical study and practice is still in the initial stage.In 2004,By the organizing committee of National Commission on Fraudulent Financial Reporting,called COSO(Committee of Sponsoring Organizations), officially released the enterprise risk management framework - (ERMF). The framework of(with) internal control framework, will help enterprise to turn into a more comprehensive risk management process. On the other hand, Control Objectives for Information and related Technology (COBIT) is now widely used in international management framework, It provides a set of authority and the universal accepted standards for enterprise informatization. Its purpose is to regulate and improve IT management level, effectively preventing the risk control and increase value of information technology, etc.Based on the summary of domestic and international enterprise risk control and the present research on financial risk, ERMF and COBIT as the theoretical platform, based on COBIT divided to four fields of 34 IT process and its corresponding detailed control target and the enterprise risk management ERMF mentioned in eight interrelated elements, enterprise informationization risk control model of enterprise informatization will be constructed, the financial risks after impact will be analyzed. Secondly, in theory, on basis of the research of the ERMF COBIT and risk control model, and applied it to "ERMF & COBIT risk analysis based on auxiliary system". Finally, get the theoretical study and practical research results.