Combining Decision Making Trial and Evaluation Laboratory with Analytic Network Process to Perform an Investigation of Information Technology Auditing and Risk Control in an Enterprise Resource Planning Environment

Wen Hsien Tsai, Yu Wei Chou, Kuen Chang Lee, Wan Rung Lin, Elliott T.Y. Hwang

研究成果: 雜誌貢獻期刊論文同行評審

15 引文 斯高帕斯(Scopus)

摘要

The research examined different types of risk through interviews with experts. The risks studied include business interruption risk, process interdependency risk and system security risk. The decision making trial and evaluation laboratory is used to find the relationship among risks and combined with the analytic network process to select the optimal measures for reducing risks. The results indicate that information technology (IT) consultants prefer the Disaster Recovery Plan (DRP). They usually use the remote replication or High Availability (HA) to protect data. IT personnel believe that all of the IT risk controls are important. Auditors indicate that data access control is very important because users have to execute data access every day. Users of IT express a preference towards data input/output control as the most important control. The results achieved from all experts indicate that the most important controls overall are data input/output control, data access control and so on. Managers need to consider these risks to avoid any potential problems.

原文???core.languages.en_GB???
頁(從 - 到)176-193
頁數18
期刊Systems Research and Behavioral Science
30
發行號2
DOIs
出版狀態已出版 - 3月 2013

指紋

深入研究「Combining Decision Making Trial and Evaluation Laboratory with Analytic Network Process to Perform an Investigation of Information Technology Auditing and Risk Control in an Enterprise Resource Planning Environment」主題。共同形成了獨特的指紋。

引用此