
Student: 孫玉琪 (Sun, Yu-Chi)
Thesis title: 數位化風險管理:零售業之內部控制與稽核 (Digital Risk Management: Internal Control and Auditing in the Retail Industry)
Advisor: 張士傑 (Chang, Shih-Chieh)
Committee members: 張元晨, 許素珠
Degree: Master
Department: College of Commerce, Executive Master of Business Administration (EMBA)
Year of publication: 2026
Graduating academic year: ROC year 114 (2025/26)
Language: Chinese
Pages: 54
Keywords: Digital risk management; Internal control; Process mining; Continuous auditing/monitoring; Machine learning
Usage: 16 views, 0 downloads
Abstract (translated from the Chinese original):

This study focuses on the risk patterns and governance challenges the retail industry faces under digital transformation, and examines how fraud theories (the fraud triangle, fraud diamond, fraud pentagon and agency theory) can be integrated with internal-control and IT-governance frameworks (COSO, COBIT) to build a digital risk-management system that is operational, measurable and deployable. The research design runs conceptual model building and comparative case analysis in parallel. The former proposes a five-layer defense architecture that systematizes the division of labor and complementarity among process mining (PM), robotic process automation (RPA), continuous auditing/monitoring (CA/CM), machine learning (AI/ML) and graph neural networks (GNN). The latter uses classic cases such as Crazy Eddie as a mirror, contrasting theoretical assumptions with the sources of governance failure to identify observable digital signals and indicators.

The results propose a "five-layer defense audit framework" that maps governance dimension to digital challenge to tool solution to measurement indicator, and pairs the Three Lines Model with cross-department shared KPIs (detection rate, alert latency) to form both top-down and bottom-up governance. Theoretically, the thesis closes the operational gap left by classic fraud theories in digital settings; methodologically, it provides a replicable process-data-indicator template; practically, it shows how the combined "five-layer defense audit framework" can be introduced into high-risk retail processes such as O2C and P2P to reduce "opportunity", suppress "capability", shorten the information-gap time lag, and strengthen evidentiability where third parties are relied upon. The thesis also sets out boundary conditions (data quality, cross-domain access, model governance and ethics) and future research directions (small-scale empirical studies, quasi-experiments and cross-industry comparison) for follow-on work.


Abstract (English):

This study focuses on the emerging risk patterns and governance challenges faced by the retail industry amid digital transformation. It aims to integrate fraud theories with internal control and IT governance frameworks (COSO and COBIT) to construct an operational and measurable digital risk-management system. The research design combines conceptual model building and comparative case analysis. The former proposes a five-layer defense architecture incorporating process mining (PM), robotic process automation (RPA), continuous auditing and monitoring (CA/CM), artificial intelligence and machine learning (AI/ML), and graph neural networks (GNN). The latter adopts classic fraud cases such as Crazy Eddie as benchmarks to contrast theoretical assumptions, identify the sources of governance failure, and extract observable digital signals and supervisory indicators.

The findings present a "five-layer defense audit framework" spanning governance, technology, and measurement dimensions, which systematically maps "governance themes–digital challenges–tool solutions–measurement indicators." By combining the three-lines-of-defense model with cross-department shared KPIs (e.g., detection rate and alert latency), the framework forms an integrated top-down and bottom-up governance model. This research fills the operationalization gap of traditional fraud theories in digital contexts and provides a replicable, process-data-indicator–oriented analytical template. Practically, it demonstrates the feasibility of implementing combined digital defense mechanisms in high-risk processes such as O2C and P2P in the retail industry to reduce opportunities for fraud, constrain improper capabilities, and shorten information-gap latency.
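The abstract names the CA/CM and process-mining layers and the two shared KPIs (detection rate, alert latency) without showing what such a check looks like in practice. The following is an added example, not code from the thesis or its author: it replays a constructed purchase-to-pay (P2P) event log against an expected control flow, raises alerts for segregation-of-duties, three-way-match and conformance violations, and computes the two KPIs for a continuous monitor versus a monthly batch review. The event schema, the expected flow, the three rules, the actor names, the timestamps and the month-start audit timing are all assumptions made for the illustration.

```python
# Added example, not code from the thesis: a minimal CA/CM-style control check
# over a constructed purchase-to-pay (P2P) event log, replaying each case against
# an expected flow (a simple process-mining conformance check) and computing the
# two shared KPIs the abstract names, detection rate and alert latency, for a
# continuous monitor versus a monthly batch review. Schema, flow, rules, actors
# and timestamps are all assumed for illustration.
from dataclasses import dataclass
from datetime import datetime, timedelta

EXPECTED_FLOW = ["create_po", "approve_po", "goods_receipt", "post_invoice", "pay_invoice"]
STEP = {activity: i for i, activity in enumerate(EXPECTED_FLOW)}


@dataclass(frozen=True)
class Event:
    case_id: str
    activity: str
    actor: str
    ts: datetime


@dataclass(frozen=True)
class Alert:
    case_id: str
    rule: str
    violated_at: datetime  # timestamp of the event that broke the rule


def check_case(case_id, events):
    """Replay one case in time order; return the alerts it raises.
    Rule 1, segregation of duties: the PO creator may not approve it.
    Rule 2, three-way match: no payment without a goods receipt.
    Rule 3, conformance: no step skipped, repeated or taken out of order."""
    alerts, pos, actor_of = [], -1, {}   # pos: furthest EXPECTED_FLOW index reached
    for ev in sorted(events, key=lambda e: e.ts):
        idx = STEP.get(ev.activity)
        if idx is None:
            alerts.append(Alert(case_id, "unknown_activity", ev.ts))
            continue
        if idx > pos + 1:
            alerts.append(Alert(case_id, "skipped_step", ev.ts))
        elif idx <= pos:
            alerts.append(Alert(case_id, "repeated_or_backward_step", ev.ts))
        pos = max(pos, idx)
        actor_of[ev.activity] = ev.actor
        if ev.activity == "approve_po" and actor_of.get("create_po") == ev.actor:
            alerts.append(Alert(case_id, "sod_creator_approved", ev.ts))
        if ev.activity == "pay_invoice" and "goods_receipt" not in actor_of:
            alerts.append(Alert(case_id, "paid_without_receipt", ev.ts))
    return alerts


def run_checks(log):
    """Group the log by case id and check every case."""
    cases = {}
    for ev in log:
        cases.setdefault(ev.case_id, []).append(ev)
    return [a for cid, evs in cases.items() for a in check_case(cid, evs)]


def kpis(alerts, seeded_anomalies, detection_time):
    """Return (detection rate over seeded anomalous cases, false-positive case ids,
    mean alert latency in hours); detection_time(alert) is when a reviewer sees it."""
    flagged = {a.case_id for a in alerts}
    rate = len(flagged & seeded_anomalies) / len(seeded_anomalies)
    hours = [(detection_time(a) - a.violated_at).total_seconds() / 3600 for a in alerts]
    return rate, sorted(flagged - seeded_anomalies), (sum(hours) / len(hours) if hours else 0.0)


def continuous(alert):
    """Continuous monitoring: the violating event itself raises the alert."""
    return alert.violated_at


def monthly_audit(alert):
    """Batch review: the violation surfaces at the next month-start audit, 09:00 (assumed)."""
    ts = alert.violated_at
    year, month = (ts.year + 1, 1) if ts.month == 12 else (ts.year, ts.month + 1)
    return datetime(year, month, 1, 9, 0)


# Constructed sample log, not real data: PO-1 is clean, PO-2 has the creator
# approving their own order, PO-3 is paid without any goods receipt.
T0 = datetime(2025, 3, 3, 9, 0)


def make_event(case_id, activity, actor, day):
    return Event(case_id, activity, actor, T0 + timedelta(days=day))


SAMPLE_LOG = [
    make_event("PO-1", "create_po", "alice", 0), make_event("PO-1", "approve_po", "bob", 1),
    make_event("PO-1", "goods_receipt", "carol", 5), make_event("PO-1", "post_invoice", "dave", 6),
    make_event("PO-1", "pay_invoice", "erin", 10),
    make_event("PO-2", "create_po", "alice", 2), make_event("PO-2", "approve_po", "alice", 2),
    make_event("PO-2", "goods_receipt", "carol", 7), make_event("PO-2", "post_invoice", "dave", 8),
    make_event("PO-2", "pay_invoice", "erin", 12),
    make_event("PO-3", "create_po", "frank", 4), make_event("PO-3", "approve_po", "bob", 5),
    make_event("PO-3", "post_invoice", "dave", 9), make_event("PO-3", "pay_invoice", "erin", 14),
]
SEEDED_ANOMALIES = {"PO-2", "PO-3"}

if __name__ == "__main__":
    found = run_checks(SAMPLE_LOG)
    for name, fn in (("continuous", continuous), ("monthly audit", monthly_audit)):
        rate, fps, lat = kpis(found, SEEDED_ANOMALIES, fn)
        print(f"{name}: detection rate {rate:.0%}, false positives {fps}, mean latency {lat:.0f} h")
```

Both review modes flag the same two seeded cases, so the detection rate is identical; what changes is the latency term: the continuous monitor reports each violation at the event that caused it, while the monthly review leaves the same violations unseen for two to four weeks. This is the "information-gap time lag" the abstract says the framework is meant to shorten, and it is why alert latency is tracked as a KPI separate from detection rate.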

Table of contents

Chapter 1 Introduction
  Section 1 Research background
  Section 2 Research objectives and core questions
  Section 3 Research contributions and methods
Chapter 2 Literature review: fraud, corporate governance and internal-control theory
  Section 1 Evolution of fraud theory and its digital extension
  Section 2 Limitations and challenges of internal-control frameworks: repositioning COSO and COBIT
Chapter 3 Governance in evolution: integrating control and audit in the digital era
  Section 1 The evolutionary context of governance
  Section 2 A new blueprint for collaboration: the IIA Three Lines Model
  Section 3 Integrating the new governance model
Chapter 4 Technology tools and building a digital audit architecture
  Section 1 Process mining (PM)
  Section 2 Robotic process automation (RPA)
  Section 3 Continuous auditing and monitoring (CA/CM)
  Section 4 Artificial intelligence / machine learning (AI/ML)
  Section 5 Graph neural networks (GNN)
  Section 6 Quantitative analysis of the effectiveness of technology tools
Chapter 5 Organizational transformation and talent renewal
  Section 1 Repositioning the audit function
  Section 2 Skill requirements for auditors in the digital era
  Section 3 Challenges of organizational change and responses
Chapter 6 Practical challenges and phased adoption strategy
  Section 1 Challenges before adoption
  Section 2 Phased adoption strategy
Chapter 7 Conclusion
References

References

Cressey, D. R. (1953). Other people's money: A study in the social psychology of embezzlement. Glencoe, IL: Free Press.
Wolfe, D. T., & Hermanson, D. R. (2004). The fraud diamond: Considering the four elements of fraud. The CPA Journal, 74(12), 38–42.
Marks, N. (2012). The fraud pentagon. The CPA Journal, 82(11), 6–9.
Jensen, M. C., & Meckling, W. H. (1976). Theory of the firm: Managerial behavior, agency costs and ownership structure. Journal of Financial Economics, 3(4), 305–360. https://doi.org/10.1016/0304-405X(76)90026-X
Committee of Sponsoring Organizations of the Treadway Commission (COSO). (2013). Internal control – integrated framework: Executive summary. COSO.
ISACA. (2012). COBIT 5: A business framework for the governance and management of enterprise IT. Rolling Meadows, IL: ISACA.
ISACA. (2018). COBIT 2019 framework: Governance and management objectives. Schaumburg, IL: ISACA.
The Institute of Internal Auditors (IIA). (2013). The three lines of defense in effective risk management and control. Altamonte Springs, FL: The Institute of Internal Auditors.
European Confederation of Institutes of Internal Auditing (ECIIA), & Federation of European Risk Management Associations (FERMA). (2010). Guidance on the 8th EU Company Law Directive: Risk management and internal control. ECIIA & FERMA.
The Institute of Internal Auditors (IIA). (2020). The Three Lines Model: An update of the Three Lines of Defense. Altamonte Springs, FL: The Institute of Internal Auditors.
The Institute of Internal Auditors (IIA). (2015). Global Technology Audit Guide (GTAG) 3: Continuous auditing: Coordinating continuous auditing and monitoring to provide continuous assurance (2nd ed.). Altamonte Springs, FL: The Institute of Internal Auditors.
Jans, M., Alles, M., & Vasarhelyi, M. A. (2013). The case for process mining in auditing: Sources of value added and areas of application. International Journal of Accounting Information Systems, 14(1), 1–20.
Moffitt, K. C., Rozario, A. M., & Vasarhelyi, M. A. (2018). Robotic process automation for auditing. Journal of Emerging Technologies in Accounting, 15(1), 1–10.
Perols, J. L., Bowen, R. M., Zimmermann, C., & Samba, B. (2017). Finding needles in a haystack: Using data analytics to improve fraud prediction. The Accounting Review, 92(2), 221–245.
Wang, D., Lin, J., Cui, P., Jia, Q., Wang, Z., Fang, Y., Yu, Q., Zhou, J., Yang, S., & Qi, Y. (2020). A semi-supervised graph attentive network for financial fraud detection (arXiv:2003.01171). arXiv. https://arxiv.org/abs/2003.01171

Full-text release date: 2027/01/15