摘要: | 當今資訊系統幾已普及各行業,稽核人員於稽核過程中常須使用電腦、接觸資訊或應用電腦輔助稽核技術,而衍生跨稽核與資訊領域之倫理議題,有異於傳統稽核情境。因此,有需建立涵蓋稽核倫理及相關資訊倫理之電腦稽核專業倫理規範。由於相關研究文獻尚有不足,故須收集專家意見以發展符合專家期待之倫理規範,並了解發展完成之規範是否符合實務使用需求。 本研究第一階段先依稽核倫理相關之理論、規範,與相關之資訊倫理議題等之文獻分析結果並參考專家意見,建立本規範雛型。再以焦點團體法、德爾菲法及舉辦公聽會等方式,廣泛收集意見。歷時近二年始發展完成本規範,其內容包含總則、專業職能認知、行為準則及專業上應有之注意等四構面及其下相關條款。本研究第二階段於本規範經國內電腦稽核專業組織公告後半年內,為了解其應用情形,對金融機構相關之內外部稽核單位計63家,進行問卷調查結果,雖有44家(占70%)已應用或考慮應用本規範,包括:參考本規範增(修)定其內規、納入教育宣導資料,或提供稽核人員參考使用等之應用方式。惟亦有8家(占13%)表示尚未想到如何應用或評估是否應用,顯示本規範之應用仍待加強宣導。 本倫理規範內容除涵蓋一般稽核倫理外,並將相關之資訊倫理予以納入,因而有異於現行內、外部稽核相關倫理規範,故可作為其通用補助性規範,俾稽核人員於面臨相關倫理議題時,有所遵循或權衡取捨。除此,本研究結果可提供如何應用學術研究以有效解決實務規範議題之案例。建議後續有關本規範應用情形之研究,其抽樣調查對象涵蓋所有產業之上市(櫃)公司,並調查實際從事稽核工作人員使用本規範之情形。In this day and age when most, if not all, industries are operating in the information technology environment, the auditors are often required to use computers, to gain access to relevant information or apply the computer-aided audit techniques. Thus the ethical issues involving both auditing and information ethics during auditing are quite different from those in the traditional auditing situations. Therefore, it is necessary to establish a new set of ethical protocols, namely, the code of computer-audit professional ethics, taking into account both auditing and relevant information ethics. Due to the insufficient related research literature, it is necessary to gather experts’ opinions to develop the code that meets their expectations and to make sure it is applicable in practice. During the first phase of the study, the prototype of the code was drawn up based on the analysis of the related literature regarding ethical theories in auditing, current codes of auditing ethics, issues on information ethics as well as experts’ opinions. Successive collection of experts’ opinions extensively was continued by using methods of focus groups, Delphi methodology and holding public hearings, etc. It took nearly 2 years to complete the development of the code which contains the following 4 dimensions and their subordinate clauses: general rules, awareness of the professional competence, rules of conduct, and professional due diligence. During the second phase the code was promulgated by the domestic computer-audit professional organization. And within half a year of its promulgation, a survey on its applicability was done by distributing questionnaires to a sample of 63 units, including internal audit departments of the financial institutions and their third party external audit organizations. According to the results of the survey, 44 units among them (70%) had already applied or were considering applying the code by using it as a reference to set up or improve their internal norms, to educate and train their audit staff, or as guidelines for the audit staff when conducting audit, etc. However, 8 units (13%) among them did not know how to apply it or assessed whether to apply it. The results of the survey revealed that further promotion of the code in its practical application needs to be strengthened. The code developed, which contains both auditing ethics and relevant information ethics, can serve as supplementary norms to the existing ethical codes related to internal or external audits, to enable the auditors to follow or based on which to weigh various alternatives when encountering related ethics issues. The results of the study facilitate the understanding of the integration of academic research and the effective solving of practical related norms issues. For future studies on the application of the code, sample frame can include the listed companies as well as audit practioners. |