| 摘要: | 隨著電腦技術應用的普及,交易數量快速成長,為因應環境、技術變化,如何確保符合法令、達成效率及效果又能保障資產安全成為銀行業內部稽核之挑戰。而如何確認是否有達成稽核目標,則以三大目標(營運效果及效率、財務報導可靠性、相關法令之遵循)及五要素(控制環境、風險評估、控制活動、資訊與溝通、監督)供組織作為設計與執行內部控制制度之基礎。且透過銀行三道防線,明確釐清組織內三道防線之權責、範圍,讓各單位了解其各自在銀行整體風險及控制架構所扮演之角色功能,降低內部控制風險。
而在銀行內部稽核在執行稽核工作時,可以使用規範(傳統)稽核制度或風險導向及數位化稽核制度方式,其風險導向稽核制度因更著重風險辨識、評估與管理,依法亦可以因評估後之風險高低而減少低風險單位的查核,且可以透過電腦輔助技術(CAATs)而能更有效率查核。
本研究探討導入風險導向及數位化稽核制度時可能會遇到之挑戰的分析及導入後可能會有之益處,在參考文獻及個人經驗建構雛型後,再以專家問卷進行雛形之修正,最後輔以深度訪談以瞭解修正後模型進行分析未來導入時可能會遇到之挑戰及導入後可能會有之益處,俾利未來導入時能針對評估因子作規劃,進而達成組織的營運策略及目標。
;With the widespread application of computer technology, the number of transactions has grown rapidly in the banking industry. To cope with environmental and technological changes, ensuring compliance with regulations, achieving efficiency and effectiveness, and safeguarding asset security have become challenges for internal auditing in the banking industry. The three main goals (operational efficiency and effectiveness, reliability of financial reporting, and compliance with relevant laws and regulations) and five components (control environment, risk assessment, control activities, information and communication, and monitoring) are used as the basis for designing and implementing internal control systems within the organization to confirm whether the auditing objectives have been achieved. Moreover, through the bank′s three lines of defense, the responsibilities and scope of the three lines of defense within the organization are clearly defined, allowing each unit to understand their role and function in the overall risk and control framework of the bank, thereby reducing internal control risks.
When conducting auditing work in the banking industry , rules-based auditing standard or risk-based and digital auditing standard can be used. The risk-based auditing standard focuses more on risk identification, assessment, and management. According to the law, low-risk units can be audited less based on their assessed risk level. Moreover, computer-assisted audit techniques (CAATs) can make auditing more efficient.
This study explores the analysis of the challenges that may be encountered when introducing risk-based and digital auditing standard and the benefits that may be obtained after their introduction. After constructing a prototype based on literature review and personal experience and revising it through expert questionnaires, in-depth interviews are conducted to understand whether the revised model can be used to analyze the challenges and benefit after importing in the future, so as to facilitate planning and then achieve organizational goals business strategy and objectives. |
