內部稽核人員知覺IT治理控制指標重要性及工作勝任感之研究

Abstract

IT對現在及未來的企業經營扮演關鍵競爭工具及角色。各國對公司治理的重視，直接促使IT治理(IT Governance)的成型與發展。沙賓法案希望透過法律的力量來提高財務報表的可信度，公司治理與IT治理是主要核心。因此如何提昇IT治理的品質水準，實為現代企業在經營管理上刻不容緩的要務。 本研究係採用問卷調查法探討內部稽核人員知覺IT治理控制指標重要性與工作勝任感，並參考國內、外相關文獻，作為設計本研究之研究工具之調查問卷。以內部稽核從業人員為研究範圍，以立意抽樣抽取實務界812位內稽核從業人員者為研究對象進行問卷調查。 研究結果發現如下 1.本研究證實，內部稽核從業人員認為IT治理控制所涵蓋的四個階段，其重要程度以「監控」階段居於首位，其次依序為「支付和支援」、「取得與建置」，最後為「組織與規劃」階段 2.IT治理控制各指標項目中以「確保惟有經授權者才有權限存取系統、資料及程式」最為重要 3.內部稽核從業人員在IT治理控制各指標項目工作中以「確保惟有經授權者才有權限存取系統、資料及程式」最為勝任

IT acts as a key competition tool and role to enterprises from now to future. Many countries attend to the corporate governance, impel IT Governance directly to make up and develop. The Sarbanes-Oxley Act hopes to improve the credibility of the financial statement through the strength of the law, it is a main core that the corporate governance and IT governance. So how to promote the quality level of IT governance , In fact, is a very urgent important task in modern business administration. This research adopts investigation methods by questionnaires to investigate the internal auditor what IT Governance Control Indicators Importance and Job Competent Sense they was Conscious, also we referred to domestic and foreign related citations to design our research tool for this research. To select the internal auditor of the practical fields as the research territory, by purposive sampling to select 812 internal auditors from practical fields as research objects to be investigated by the questionnaires. The result of study is found as follows： 1.This research verifies that the internal auditor consider IT Governance comprise four domains , Its importance that “Monitor” domain lies in the first place , secondly in order for “Deliver and support ” domain and “ Acquire and Implement” domain and “ plan and Organise” domain. 2.In every control indicators of IT governance , “assure it was not accept system, data and program until by authorized”that is most importance. 3. In every control indicators of job competent sense of Internal auditor ,“assure it was not accept system、data and program until by authorized”that is most competence.