本研究旨在建構銀行利用電腦輔助內部稽核時評估風險的架構,首先透過文獻分析,彙整定義評估風險準則,再經由專家問卷確定準則指標,並結合 DEMATEL及 ANP法,分析各項評估風險準則之間的因果關係與相對權重,建立一套具體的風險評估模式,以提供銀行評估利用電腦內部稽核風險時,明確的評估系統。 研究結果顯示,降低銀行利用電腦輔助內部稽核風險,最重要的準則因素是「法令遵循」,而「組織的認同」因素,則可以檢定、觀測整體銀行利用電腦輔助內部稽核的風險管理能力之重要指標。改善銀行內部稽核的風險,將不再是單純的業務檢查及事後報告,必須具備電腦專業知識與技能,利用稽核檢查軟體,提升內部控制制度事前的風險判斷及預防之能力。本研究建議,銀行重視內部稽核人員職責,並重視與提升內部稽核人員電腦專業素養的養成,或晉用擁有電腦專業技能的稽核人員,將可有效降低改善銀行利用電腦輔助內部稽核之風險。
This study aims to construct a risk assessment framework for computer-aided internal auditing for the banking industry. Based on literature review, this paper first generalizes and defines the risk criteria. Then, by expert survey, it determines the criteria indicators, and then,employsDEMATELandANPtoanalyzethe causalrelationships andrelativeweights among the risk assessment criteria, in order to develop a concrete risk assessment model. This system can be used by banks to assess internal auditing risks. The results indicate that the most important risk criterion involved in lowering computer-aided internal auditing is “legal compliance.” “Organizational identification” is the main indicator for examining and observing the risk management abilities of computer-aided internal auditing. Lessening internal auditing risks is no longer a simple administrative procedure and post hoc report, but requires computer knowledge and proficiency in order to enhance the prior risk judgments and prevention abilities of an internal control system. This study suggests that banks should concentrate on the job functions of internal auditors, enhance the computer proficiency of internal auditors, and recruit auditors with computer proficiency in order to effectively lower internal auditing risks of banks.
