大数据、云计算、移动互联技术促进财务信息化的发展，传统财务电算化手段 已经满足不了企业财务现代化的需要，财务共享模式成为帮助企业财务转型的有效 手段。企业集团财务共享服务中心的良好运行有赖于强大信息系统的支撑，企业的 信息化建设能否得到顺利开展，直接影响到财务共享服务中心的运营效果。我国企 业集团财务共享服务仍处于发展阶段，对财务共享服务中心信息系统进行 IT 审计 可以有效预防信息安全问题。及时关注 IT 审计风险、降低企业 IT 审计风险水平， 能为财务共享服务中心的良好运转保驾护航。 本文基于技术与组织互构论，结合 COBIT5 框架，采用层次分析法（AHP）和 熵权理论构建财务共享服务模式下的 IT 审计风险评价模型，并结合 JD 集团实例， 通过问卷调查，对 JD 集团财务共享服务中心 IT 审计风险进行评价，并提出 IT 审 计风险控制的建议。研究认为，财务共享服务模式下 IT 审计风险的范围扩大到技 术、流程、组织等方面，特别是流程和组织因素需要加强考虑。在企业层面，加强 管理层的信息安全意识，强化内部控制制度的建设，特别要重视人文因素对 IT 审 计风险的影响；在国家层面，需要进行 IT 审计框架和准则方面的制定，同时强化 企业和审计师 IT 风险防范的意识，培养专业 IT 审计人才。 关键词，财务共享服务；财务信息化；IT 审计风险；COBIT5II Abstract Big Data, Cloud Computing and Mobile Internet promote the development of financial informationization. Traditional means of computerized finance cannot meet the needs of enterprise financial modernization. Financial sharing mode has become an effective means to help financial transformation. The operation of FSSC depends on the support of powerful information system. Whether the information construction of enterprises can be carried out smoothly directly affects the operation effect of FSSC. The information construction of enterprises can be carried out smoothly, and the evaluation and control of IT audit risk is very important. Financial sharing service is still in the stage of development. IT audit of Financial Sharing Service Center information system can effectively prevent information security problems. Paying attention to IT audit risk in time can reduce enterprise IT audit risk level, and escort the good operation of FSSC. Based on the theory of technology and organization mutual construction, combined with COBIT5, this thesis builds an IT audit risk assessment model of FSSC by using the theory of AHP and Entropy Weight. With the example of JD Group, the thesis collects data by questionnaire survey, evaluates the IT audit risk of JD Group's FSSC, and puts forward some suggestions on IT audit risk control. According to the research, the scope of IT audit risk of FSSC is extended to technology, process and organization, and the organizational factors need to be taken into account. At the enterprise level, we should strengthen the information security awareness of management and the construction of internal control system, and we should pay special attention to the influence of humanistic factors on IT audit risk; at the national level, we need to formulate IT audit framework and standards, at the same time, strengthen the awareness of IT audit risks of enterprises and auditors, and train professional IT audit personnel. Key words: Financial Sharing Services; Financial Informatization; IT Audit Risk; COBIT5III 目 录 第 1 章 绪论....................................................................................................................1 1.1 研究背景和意义......................................................................................................1 1.2 文献综述..................................................................................................................2 1.2.1 关于财务共享服务中心的相关研究 ...............................................................2 1.2.2 关于 IT 审计与 IT 审计风险的相关研究........................................................6 1.2.3 国内外相关研究述评.......................................................................................7 1.3 研究内容和研究方法 ..............................................................................................8 第 2 章 核心概念与相关理论基础..............................................................................10 2.1 核心概念................................................................................................................10 2.1.1 财务共享服务.................................................................................................10 2.1.2 IT 审计.............................................................................................................10 2.1.3 IT 审计风险.....................................................................................................11 2.2 IT 审计风险的范围与分类....................................................................................12 2.2.1 技术与组织之间的关系.................................................................................12 2.2.2 FSSC 的 IT 审计风险范围..............................................................................13 2.2.3 FSSC 的 IT 审计风险的分类..........................................................................14 2.3 IT 审计风险评价的标准........................................................................................15 2.3.1 COBIT5 基本概念...........................................................................................15 2.3.2 COBIT5 主要内容...........................................................................................15 第 3 章 我国财务共享服务中心发展现状..................................................................17 3.1 财务共享服务中心的发展历程............................................................................17 3.1.1 基本模式.........................................................................................................17 3.1.2 市场模式.........................................................................................................18 3.1.3 高级市场模式.................................................................................................18 3.1.4 独立经营模式.................................................................................................18 3.2 我国 FSSC 信息系统应用现状.............................................................................19 3.2.1 积极采用新技术、新应用.............................................................................19 3.2.2 FSSC 信息系统的架构....................................................................................20 3.2.3 FSSC 的业务模块均已实现信息化................................................................21 3.2.4 财务共享模式成为提供决策支持的有效手段 .............................................22 3.2.5 移动互联技术提供高效服务.........................................................................22IV 3.2.6 大数据分析方法直接应用于财务领域 .........................................................23 3.3 财务机器人在 FSSC 的运用.................................................................................24 第 4 章 FSSC 的 IT 审计风险评价模型构建..............................................................25 4.1 层次结构模型的构建............................................................................................25 4.2 层次结构模型指标权重的确定............................................................................27 4.3 IT 审计风险评价模型分析步骤............................................................................28 第 5 章 案例分析..........................................................................................................30 5.1 JD 集团财务共享服务中心简介 ...........................................................................30 5.2 JD 财务共享服务中心信息系统建设概况 ...........................................................30 5.3 JD 集团 FSSC 的 IT 审计风险评价 ......................................................................32 5.3.1 IT 审计风险评价过程 .....................................................................................32 5.3.1 IT 审计风险评价结果 ................................................................