Research On IT Control Of Enterprise Based On COBIT

At present, IT has become a leading force for economic development and social progress; especially, the rapid development and wide application of the Internet and e-commerce, have made us into the information age. And just because of this, IT control has become one of the core systems of internal control. Along with the official publication of Implementation Guidelines for Enterprise Internal Control, internal control implementation had become a major and urgent issue for our country. In this context, we could benefit a lot from enhancing IT control. A good IT control system not only help enterprises create a good control environment, but also conducive to achieving the stated purpose of control activities. In addition, IT's effective use will greatly increase the efficiency of the overall implementation of internal control. Therefore, the issue of enterprise IT control is worthy of studying deeply.So far, China's IT control standards are not detailed enough and difficult to practice. Taking that into account, this thesis references COBIT, which is internationally recognized as the most authoritative and most comprehensive IT control framework, and proposes the concept of IT control implementation standards, then research on it to look forward to providing more detailed, operational standards for enhancing IT control.This thesis is composed of six parts:The first part is "Introduction". It contains the research background and role, literature review, research method, content and innovation.The second part is "The Concept of IT Control". The author defines the concept of IT control based on the previous studies, and then makes a conceptual distinction among "IT Control", "Internal Control", "IT Governance" and "Information Systems Control", in order to deepen the understanding of IT control.The third part is titled "The Status Quo of IT Application and Control Specification". This part begins with the analysis about the challenges to the traditional internal control because of IT applications from the perspective of static and dynamic. Then, the author analyses the new risks and their characteristics. At last, describes the status quo of IT application and IT control standards separately.The fourth part is "COBIT-The Best Practices Framework of IT Control" This chapter first introduces COBIT, including its control logic and its core elements. Second, makes a comprehensive evaluation about COBIT, and points out that COBIT is the best IT control framework. Finally, the author compares COBIT with Application Guidelines for Enterprise Internal Control No.18--Information System, and concludes that we can learn something from COBIT.The fifth part is "Research on IT Control Implementation Standards Based on COBIT". In this part, the author defines "IT Control Implementation Standards", then indicates the way to research it and describes its content. Finally, the standards are used to evaluate S listed companies' IT control, which proves they are easy implementation.The sixth part is "The Policy Recommendations of Enhancing IT Control" The author makes policy recommendations on enhancing China's IT control from the perspective of regulatory authorities, enterprises and intermediary organizations in the last part.The main contribution of this thesis is designing IT Control Implementation Standards, which contain the risk point, signs of risk, risk levels and control measures. Obviously, this research can make up the shortfall of lacking more detailed standards, and provide viable standards and solutions for IT control practices.