| With the rapid development of information technology, more and more extensive application of information systems demonstrated its superiority and efficiency increasingly. Many business and management tasks of organizations are resolved by information systems. Through this, it saves human and material resources and reduces duplication of a number of complicated labor more and more, thereby the operational efficiency throughout the organization has been enhanced.With application of information systems giving people convenient, fast and efficient life, its safe, reliable and effective community has become very concerned about the topic. At the same time, the failure of the implementation of information systems case is also a common occurrence, not all of the information system can be expected to bring the benefits for enterprises. Therefore, information system aduit of enterprise and how to control information system risk have concerned by domestic and foreign scholars and become the focus of the study.Some scholars and organizations at home and abroad have a certain amount of research on Content and basic framework of risk control of enterprise informatization, but has not formed a mature model and methods yet. Now this process is still in constant improvement and development. China's enterprise informatization is driven by project frequently, lacking of long-term strategic planning. Research on risk management of enterprise informatization is still in its early stage.According to the Enterprise Information Development in China and relating to the status of research at home and abroad, this paper, by a combination of ideas of theoretical research and empirical research, quantitative analysis and qualitative analysis and internal control and external control, references the idea from abroad on risk management and builds information models of risk management structure on auditting. Through the study of risk management models and methods, using quantitative and qualitative evaluation of the method, this article has a priority ranking for the core of enterprise information risk, provides the basis for information system aduit, and implemented of risk control information effectively, and achieved enterprise economic and social benefits. Based on risk management theory standards and best practices on risk management of informatization reviewed at home and abroad, this paper focus on framework of the theory and implementation process for risk management of enterprise informatization, try to put framework of enterprise information risk Governance.The framework of risk management implementation process will be part of enterprise information risk management is defined as including risk identification, risk analysis and evaluation, risk control process of the three elements of the dynamic process. To ensure effective implementation of risk management,information systems audit played an important role in the process,and how to participate in this process were discussed. Finally, studying on cases of risk management of enterprise informatization, paper have a initial application on framework for the implementation of risk management of enterprise informatization. |
PDF Full Text Request