Research On Risk Management Of X Company's Audit Information System Development Project

With the rapid development of the Internet,the Internet has now been deeply embedded in people's lives.According to the data given by Chinanews.com,in March 2020,the number of Internet users in China exceeded 900 million.Internet content has greatly enriched people's lives,but also caused problems such as false information,cyber violence,privacy leakage,and vulgar information that violate personal and public interests.At present,most Internet companies have online platforms,and there are a large number of user-published content on the platforms.In order to maintain the legal compliance of online platform content,Internet companies need to independently develop content review information systems and to review platform content.The purpose of this paper is to take X Company's audit information system development project as an example,to study the risk management method suitable for the Internet audit information system,to accumulate experience in the project practice and to summarize the best coping strategies.It is hoped that through the research of this paper,on the one hand,it will provide certain theories and reference schemes for the risk management of Internet audit information system development projects,and on the other hand,in the actual development process,the company can predict risks in advance,respond to risks in time,and avoid risks.Encountering a project failure causes even greater losses to the company.The main research method is to determine the project risk management plan according to the project objectives.The project risk management plan refers to the five major processes of PMBOK risk management: risk planning,risk identification,risk evaluation,risk response,and risk monitoring.The entire risk management is a cyclic process that continues.to project delivery.To review the risk identification of the information system development project,the risk management team will hold a special meeting on project risk identification,and use the combination of historical documents and the brainstorming method of the expert group to carry out risk identification.When reviewing the risk identification of the information system development project,the company's historical project management documents are used as the main reference for the risk management team.The expert team divides the project into eight stages according to the information system development process: product planning stage,requirements review stage,During the technical review stage,software development stage,software testing stage,product acceptance stage,project launch stage and project closing stage,use brainstorming to identify risks in each link.In order to further analyze the possible impact of risk items on project objectives,and to discover the root causes of risk formation,the expert group will use the fishbone diagram analysis method to analyze the root causes and impacts of risks based on the 24 risk items identified above.Finally,the risks are classified into requirements risk,development risk,testing risk and project management risk.The next step is to assess the risk size of project risks,collect qualitative risk analysis data using questionnaires,and then use AHP to quantitatively calculate the size of the risk,and at the same time,according to the defined risk level evaluation scale,the size of the risk is divided into major,large,and general,lower and slight five grades.Corresponding risk response measures will be formulated according to the risk analysis results,especially for major risks and larger risks.The overall response strategy of the project for larger or higher risks is to avoid and mitigate risks,because major risks are assessed to be the most important for achieving project goals.There are threatening risks.If the major risks cannot be effectively dealt with,the project will have a great risk of failure.The avoidance strategy is to concentrate project resources to eliminate the risk;at the same time,the strategy of avoidance and mitigation is adopted for larger risks,and the focus is on mitigation.Avoid escalating major risks into major risks.Corresponding response strategies are formulated for each identified project risk item and summarized into a project risk response plan.Finally,a risk monitoring plan is formulated to monitor project risks according to the plan during the project activities.The research on risk management of auditing information system development projects proposed in this paper provides an important reference value for X company to carry out risk management of relevant information system development projects,and at the same time avoids the blindness of X company's project risk management,and helps X company improve information system development The project's risk management ability provides a wealth of practical experience guidance for the development of X Company's PMO and the improvement of the success rate of development projects.