Internal Control and Audit (內部控制與稽核) - myweb.scu.edu.tw/~hankgau/docs/ais/topic_05.pdf
(Cost-Benefit Concept)
$200,000
Solution 1. 6$300,0000Solution 2. 1$80,000$100,000
7-1
7-1
7-1
7-2
(Access control)
7-3 Enterprise Risk Management (ERM)
(7-4)
7-5
7-1
1. Preventive controls, detective controls, corrective controls
2. General controls, application controls
(Preventive controls) Ex.
(Detective controls) Ex.
(Corrective controls) Ex.
3. Parity check, dual read, read after write, echo check
4. ID / Password
1.
2. (IC)
3. Public-Key Infrastructure (PKI)
4. PKI, IC
5.
6.
1. Check digits (p.351), validity test, field check, control total, direct data entry procedures
Letter-to-number table: A=10, B=11, C=12, D=13, E=14, F=15, G=16, H=17, J=18, K=19, M=21, N=22, P=23, Q=24, R=25, S=26, T=27, U=28, V=29, W=30, X=31, Y=32, Z=33, I=34, O=35
Example: R123456783. R = 25, so the digits used are 2 5 followed by 1 2 3 4 5 6 7 8
2 + 5*9 + 1*8 + 2*7 + 3*6 + 4*5 + 5*4 + 6*3 + 7*2 + 8*1 = 167
167 mod 10 = 7; 10 - 7 = 3, which is the check digit (the last digit of R123456783)
(if the result is 0, the check digit is 0)
2. Sequence check, limit check, cross-footing balance check, file label, RFID
p.301-305
7-2
7-3
R = L = P =
8-2
On-line backup, near-line backup, off-line backup
8-2
7-8
7-9 7-10 7-11 3C
(Initiation)
7-9
7-3
(Denial of Service, DoS)
DES vs. RSA vs. SET