電腦稽核專業倫理規範之研究

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：49

、訪客IP：3.147.86.169

姓名

呂伯雲(Po-yun Lu) 查詢紙本館藏

畢業系所

資訊管理學系

論文名稱

電腦稽核專業倫理規範之研究
(A study on the Code of Computer-Audit Professional Ethics)

相關論文

★ 技術商品銷售之技術人員關鍵職能探討	★ 資訊委外之承包商能力、信任及溝通與委外成效關係之個案研究
★ 兵工技術軍官職能需求分析-以某軍事工廠為例	★ 不同楷模學習模式對VB程式語言學習之影響
★ 影響採購「網路資料中心產品」因素之探討	★ 資訊人員績效評估之研究—以陸軍某資訊單位為例
★ 高職資料處理科學生網路成癮相關因素及其影響之探討	★ 資訊服務委外對資訊部門及人員之衝擊-某大型外商公司之個案研究
★ 二次導入ERP系統之研究-以某個案公司為例	★ 資料倉儲於證券產業應用之個案研究
★ 影響消費者採用創新數位產品之因素---以整合式手機為例	★ 企業合併下資訊系統整合過程之個案研究
★ 資料倉儲系統建置之個案研究	★ 電子表單系統導入之探討 - 以 A 公司為例
★ 企業資訊安全機制導入與評估–以H公司為例	★ 從人力網站探討國內資訊人力現況–以104銀行資料為例

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

[檢視]

[下載]

本電子論文使用權限為同意立即開放。
已達開放權限電子全文僅授權使用者為學術研究之目的，進行個人非營利性質之檢索、閱讀、列印。
請遵守中華民國著作權法之相關規定，切勿任意重製、散佈、改作、轉貼、播送，以免觸法。

摘要(中)

當今資訊系統幾已普及各行業，稽核人員於稽核過程中常須使用電腦、接觸資訊或應用電腦輔助稽核技術，而衍生跨稽核與資訊領域之倫理議題，有異於傳統稽核情境。因此，有需建立涵蓋稽核倫理及相關資訊倫理之電腦稽核專業倫理規範。由於相關研究文獻尚有不足，故須收集專家意見以發展符合專家期待之倫理規範，並了解發展完成之規範是否符合實務使用需求。
本研究第一階段先依稽核倫理相關之理論、規範，與相關之資訊倫理議題等之文獻分析結果並參考專家意見，建立本規範雛型。再以焦點團體法、德爾菲法及舉辦公聽會等方式，廣泛收集意見。歷時近二年始發展完成本規範，其內容包含總則、專業職能認知、行為準則及專業上應有之注意等四構面及其下相關條款。本研究第二階段於本規範經國內電腦稽核專業組織公告後半年內，為了解其應用情形，對金融機構相關之內外部稽核單位計63家，進行問卷調查結果，雖有44家（占70%）已應用或考慮應用本規範，包括：參考本規範增（修）定其內規、納入教育宣導資料，或提供稽核人員參考使用等之應用方式。惟亦有8家（占13%）表示尚未想到如何應用或評估是否應用，顯示本規範之應用仍待加強宣導。
本倫理規範內容除涵蓋一般稽核倫理外，並將相關之資訊倫理予以納入，因而有異於現行內、外部稽核相關倫理規範，故可作為其通用補助性規範，俾稽核人員於面臨相關倫理議題時，有所遵循或權衡取捨。除此，本研究結果可提供如何應用學術研究以有效解決實務規範議題之案例。建議後續有關本規範應用情形之研究，其抽樣調查對象涵蓋所有產業之上市（櫃）公司，並調查實際從事稽核工作人員使用本規範之情形。

摘要(英)

In this day and age when most, if not all, industries are operating in the information technology environment, the auditors are often required to use computers, to gain access to relevant information or apply the computer-aided audit techniques. Thus the ethical issues involving both auditing and information ethics during auditing are quite different from those in the traditional auditing situations. Therefore, it is necessary to establish a new set of ethical protocols, namely, the code of computer-audit professional ethics, taking into account both auditing and relevant information ethics. Due to the insufficient related research literature, it is necessary to gather experts’ opinions to develop the code that meets their expectations and to make sure it is applicable in practice.
During the first phase of the study, the prototype of the code was drawn up based on the analysis of the related literature regarding ethical theories in auditing, current codes of auditing ethics, issues on information ethics as well as experts’ opinions. Successive collection of experts’ opinions extensively was continued by using methods of focus groups, Delphi methodology and holding public hearings, etc. It took nearly 2 years to complete the development of the code which contains the following 4 dimensions and their subordinate clauses: general rules, awareness of the professional competence, rules of conduct, and professional due diligence.
During the second phase the code was promulgated by the domestic computer-audit professional organization. And within half a year of its promulgation, a survey on its applicability was done by distributing questionnaires to a sample of 63 units, including internal audit departments of the financial institutions and their third party external audit organizations. According to the results of the survey, 44 units among them (70%) had already applied or were considering applying the code by using it as a reference to set up or improve their internal norms, to educate and train their audit staff, or as guidelines for the audit staff when conducting audit, etc. However, 8 units (13%) among them did not know how to apply it or assessed whether to apply it. The results of the survey revealed that further promotion of the code in its practical application needs to be strengthened.
The code developed, which contains both auditing ethics and relevant information ethics, can serve as supplementary norms to the existing ethical codes related to internal or external audits, to enable the auditors to follow or based on which to weigh various alternatives when encountering related ethics issues. The results of the study facilitate the understanding of the integration of academic research and the effective solving of practical related norms issues. For future studies on the application of the code, sample frame can include the listed companies as well as audit practioners.

關鍵字(中)

★ 資訊倫理
★ 稽核倫理
★ 電腦稽核
★ 專業倫理規範

關鍵字(英)

★ computer-audit
★ information ethics
★ auditing ethics
★ code of professional ethics

論文目次

摘　要 i
Abstract ii
誌　謝 iv
圖目錄 vii
表目錄 viii
第一章　緒論 1
1-1 研究背景與研究動機 1
1-2 研究問題與研究目的 3
1-3 研究流程 3
1-4 論文結構 5
第二章　文獻探討 6
2-1 電腦稽核之定義與專業特性 6
2-2 倫理與專業倫理規範 10
2-3 相關倫理理論 13
2-4 資訊倫理 16
2-5 稽核倫理 18
2-6 稽核倫理相關規範 20
第三章　研究方法 26
3-1 研究架構 28
3-2 資料收集方法與資料來源 29
第四章　資料收集與分析 32
4-1 電腦稽核專業倫理規範雛型 32
4-2 電腦稽核專業倫理規範第一版 36
4-3 電腦稽核專業倫理規範第二版 38
4-4 電腦稽核專業倫理規範第三版 45
4-5 電腦稽核專業倫理規範之特色 47
4-6 本倫理規範應用情形之問卷調查 50
4-7 本倫理規範應用情形之分析 50
4-8 本倫理規範應用情形之綜合討論 56
第五章　結論與建議 58
5-1 結論 58
5-2 實務與研究意涵 59
5-3 研究貢獻 60
5-4 研究限制與未來研究建議 60
參考文獻 62
附錄 69

參考文獻

刁明芳 (1997)。一百億國票風暴。台北：天下文化。
牛格正 (1991)。諮商專業倫理。台北：五南。
朱建民 (2005)。專業倫理與教學論文集（三）。桃園：長榮國際。
朱家榮 (2010)。資訊倫理初探。臺灣圖書館管理季刊，6(1)，106-120。
吳清山 (1998)。建立教師專業權威之探索-談專業知能、專業自主與專業倫理。初等教育學刊，6，41-58。
吳清山、林天祐 (2005)。教育新詞書。台北：高等教育文化。
吳琮璠 (2005)。會計財務資訊系統。台北：智勝文化。
呂伯雲 (2005)。應用知識管理於金融監理實務之經驗分享－以建立銀行CARSEL場外監控系統為例。電腦稽核，13，14-25。
李琪明 (2003)。倫理與生活。台北：五南。
沈清松 (1996)。倫理學理論與專業倫理教育。通識教育，3(2)，1-17。
林杏子、何瑞峰、黃立文、陳政德、顏郁人、林麗紅與柯玲琴 (2001)。資訊倫理。台北：華泰文化。
林坤鎮 (2002)。從美國安隆公司事件看會計師業者之自律與利益衝突之迴避。證券暨期貨管理。20(4)，18-24。
林柄滄、陳錦烽譯 (2009)。國際內部稽核協會國際內部稽核專業實務架構。中華民國內部稽核協會。
林火旺 (2009)。基本倫理學。台北：三民。
林火旺 (2011)。倫理學(2版）。台北：五南。
邱皓政 (2002)。問卷調查法。量化研究與統計分析。台北：五南。
洪莉竹 (2008) 。學校輔導人員專業倫理困境與因應策略之研究。教育心理學報，39(3)，451-472。
周惠文、呂伯雲 (2011)。萃取專家知識發展電腦稽核專業倫理規範之研究。電腦稽核，23，136-149。
胡幼慧 (1996)。焦點團體法。質性研究，頁223-237，台北：巨流。
徐村和 (1998)。模糊德菲層級分析法。模糊系統期刊，4(1)，59-72。
張培新 (2007)。企業倫理的理論與實踐初探。應用倫理研究通訊，44，36-51。
莊道明 (1996)。圖書館專業倫理，台北：文華。
莊道明 (1997)。建構資訊社會的新秩序–資訊倫理。國家政策（動態分析）雙週刊，175，11-12。
許倬雲 (1995)。現代社會的職業倫理，台北：洪建全基金會。
郭柏年 (2011)。規範道德理論的結構－論卡根的區分法。東吳哲學學報，23，81-107。
郭鴻志 (1998)。從網路倫理談資訊倫理教育。應用倫理研究通訊，5，19-20。
蕭宏恩 (2005)。哲學於專業倫理中的實踐－以醫護倫理為例。輔仁大學哲學論集，38，243-263。
蕭美惠 (2008/2/17)。風暴前兆-柯維爾聰明反被聰明誤虧空72億美元。工商時報，A 6 /國際舞台。
謝臥龍 (1997)。優良國中教師特質之德懷分析。教育研究資訊，5 (3)，14-28。
蘇裕惠 (2006)。內部稽核強化公司治理。內部稽核季刊，53，4-8。
Association for Computing Machinery (1992). ACM codes of ethics and professional conduct. Communications of the ACM, 5, 94-99.
Carr-Saunders, A. M. and Wilson, P. A. (1933). The Profession, Professional Associations - Great Britain. London, Oxford: Clarendon Press.
Champlain, J. ( 2003). Auditing Information Systems, 2nd edition, ISACA.
Corwin, R. G. (1970). Militant Professionalism. N Y: Meredith.
Delbecq, A.L., Van de Van, A. H. and Gustafson, D. H. (1975). Group Techniques for Program Planning: A Guide to Nominal Group and Dephi Process. IL: Scott-Foreman.
Eining, M. M. and Lee, G. M. (1997). Information ethics: An exploratory study from an international perspective. Journal of Information Systems, 11(1), 1-17.
Eisenberg, T. and Macey, J. R. (2004). Was arthur andersen different? An empirical examination of major accounting firm audits of large clients. Journal of Empirical Legal Studies, 1(2), 263-300.
Frankel, A. S. (1989). Professional Codes: Why, how, and with what impact? Journal of Business Ethics, 8(2/3), 109-115.
Frankena, W. K. (1963). Ethics, Englewood Cliffs, NJ: Prentice Hall.
Green, H., Hunter, C. and Moore, B. (1990). Assessing the environmental impact of tourism development: Using the Delphi technique. Tourism Management, 11(2), 11-120.
Huff, C. and Martin, C. D. (1995). A Framework for teaching ethics computing. Communications of the ACM, 38(12), 75-84.
Hunton, J. E., Wright, A. and Wright, S., (2004). Are financial auditors overconfident in their ability to assess risks associated with enterprise resource planning systems? Journal of Information Systems, 18 (2), 7-28.
Information System Audit and Control Association (2010). CISA Review Manual 2010.
Janvrin, D., Bierstaker, J. and Lowe, D. J. (2008). An examination of audit information technology use and perceived importance. Accounting Horizons, 22 (1), 1-21.
Kornhauser, W. (1962). Scientists in Industry: Conflict and Accommodation. Berkeley, University of California Press.
Kruse, W. G. and Heiser, J. G.. (2002). Computer forensics: incident response essentials. MA: Addison-Wesley.
Lawshe, C. H. (1975). A quantitative approach to content validity. Personnel Psychology, 28, 563-575.
Linstone, H. A. and, Turoff, M. (2002). The Delphi method: Techniques and applications. MA: Addison-Wesley.
Mason, R. O. (1986). Four ethical issues of the information age. Management Information Systems Quarterly, 10(1), 5-12.
Mason, R. O. (1995). Ethics to information technology issues. Communication of the ACM , 38(12), 55-57.
Mayeroff, M. (1971). On Caring. NY: Harper and Row.
Michael, R. C. and Ilkka, A. R. (1997). International business and trade in the next decade: Report from a Delphi study. Journal of International Business Studies, 28 (4), 827-844.
Mintz, S. M. (1995). Virtue ethics and accounting education. Issues in Accounting Education, 10(2), 247-67.
Moore, R. (2005). Cyber crime: Investigating High-Technology Computer Crime, Mississippi: Anderson Publishing.
Morgan, D. L. (1998). Focus Groups as Qualitative Research. CA: Sage.
Murry, J. W. and Hammons, J. O. (1995). Delphi: A versatile methodology for conducting qualitative research. The Review of Higher Education, 18(4), 423-436.
Noddings, N. (1986). Caring - A Feminine Approach to Ethics and Moral Education. University of California Press.
Parker, D. B., Susan, S. and Baker, B.N. (1990). Ethical Conflicts in Information and Computer Science, Technology and Business. MA: QED Information Sciences.
Preuss, L. (1998). On ethical theory in auditing. Managerial Auditing Journal, 13(9), 500–508.
Rest, J. (1981). Moral Behaviour and Moral Development. NY: John Wiley & Sons.
Rodney, J. N. and Gascoyne, C. (2009). Are we really doing enough? The current state of computer auditing. ISACA Journal, 4, 1.
Siegel, P. H. O’Shauhnessy, J. and Rigsby, J. T. (1995). A Reexamination of the internal auditors’’ code of ethics. Journal of Business Ethics, 14(11), 949-957.
Vinten, G. (1990). Business ethics: Busybody or corporate conscience? Managerial Auditing Journal, 5(2), 4-11.
Walsham, G. (1996). Ethical theory, codes of ethics, and IS practice. Information Systems Journal, 6(1), 69–81.
網路文獻
中華民國會計師公會全國聯合會 (2009)。中華民國會計師職業道德規範。2010年6月15日，取自：http://www.roccpa.org.tw/page1.aspx?no=8759&fno=151
中華民國會計師法 (2009)。2010年6月15日，取自：http://www.selaw.com.tw/Scripts/Query4.asp?B2=%AAk%B3W%AAu%AD%B2&FNAME=G0100301
中華民國審計人員任用條例 (1975)。2010年6月15日，取自：http://www.audit.gov.tw/Doc/DocDetail.aspx?menuid=Law&docno=112,
行政院金融監督管理委員會 (2011)。公開發行公司建立內部控制制度處理準則。2011年12月31日，取自﹕http://www.selaw.com.tw/Scripts/newsdetail.asp?no=G0100200
立法院法律系統 (2003)。中華民國刑法立法理由。2011年10月15日，取自：http://lis.ly.gov.tw/lgcgi/lglaw?@@1804289383
考試院全球資訊網 (2011)。文官制度與專技考試詞彙。2011年11月15日，取自：http://www.exam.gov.tw/lp.asp?ctNode=684&ctUnit=153&baseDSD=53&mp=1
孫中英 (2011/09/16)。國際新聞報。2011年10月5日，取自：http://paper.udn.com/udnpaper/PID0006/202176/web/#4L-3603261L
American Accounting Association. (2003). A Statement of Basic Auditing Concepts. Retrieved June 10, 2009, from http://aaahq.org/audit/index.htm
Association for Computing Machinery. (1973). ACM code of ethics and professional conduct. Retrieved March 1, 2011, from http://www.acm.org/about/code-of-ethics/#sect1
Carr, N. G. (2004). IT does’t matter. Harvard business press, 5-12. Retrieved June 10, 2010, from http://www.proxios.net/pdf/ITDoesn’’tMatter.pdf
Computer Ethics Institute. (1997). The ten commandments of computer ethics. Retrieved June 11, 2011, from http://www.cpsr.org/program/ethics/cei/html
Deloitte Touche Tohmatsu Limited. (2012). Principals of ethics and code of Conduct. Retrieved May 1, 2012, from http://www.deloitte.com/view/en_US/us/About/Ethics-Independence/Code-of-Ethics-and-Professional-Conduct/05d28c5504e86210VgnVCM100000ba42f00aRCRD.htm
Ernst & Young Gglobal Limited. (2008), Global Code of Conduct. Retrieved May 1, 2012, from http://www.ey.com/Publication/vwLUAssets/Ernst-Young Global Code of Conduct/$FILE/EY_Code_of_Conduct.pdf
Information System Audit and Control Association. (2004). Code of professional ethics. Retrieved May 1, 2009, from http://www.isaca.org/Certification/Code-of-Professional-Ethics/Pages/default.aspx
International Organization of Supreme Audit Institutions. (1998). Code of ethics and auditing standards in the public sector. Retrieved June 1, 2011, from http://www.saiga.co.za/documents/INTOSAI%20Code%20of%20Ethics%20for%20Auditors.pdf
Institute of International Auditors. (2009), Code of ethics. Retrieved June 1, 2011, from https://na.theiia.org/OntolicaSearch/Pages/DefaultResults.aspx?k=code%20of%20ethics%20&s
KPMG firms. (2005), KPMG Global Code of Conduct, Retrieved May 1, 2012, from http://www.kpmg.com/Global/en/whoweare/documents/global-code-of-conduct.pdf
PricewaterhouseCoopers. (2008), Code of Conduct, Retrieved May 1, 2012, from http://www.pwc.com/gx/en/ethics-business-conduct/code-of-conduct.jhtml
Thomas, C. B. (2002). Called to Account. Time Magazine. Retrieved June 11, 2011, from http://www.time.com/time/magazine/article/0,9171,263006,00.html

指導教授

周惠文(Huey-wen Chou)

審核日期

2012-8-28

推文