行動支付風險管理與稽核機制實證研究──以G數位科技股份有限公司為例

An Empirical Study of Risk Management and Auditing Mechanisms for Mobility Payment: A Case of G Digital Enterprise of Technology

隨著行動支付新興科技快速發展，給企業帶來發展契機卻也隱含著風險，也引發各界對於其安全性的疑慮，本研究從探究行動支付在應用上的威脅及風險著手，進一步發展一套行動支付環境下企業風險管理與稽核之機制，以確保組織的風險控管皆經良好設計並有效地執行。在研究策略上採用Gowin'sVee模型，藉由文獻探討與德爾菲專家問卷來建構及修正「企業於行動支付環境下之風險因子」、「行動支付環境下之內部控制稽核要項」，共得出86個風險因子與158項稽核要項，並依據企業交叉風險8類，作為風險因子的分類架構，進一步辨識這些稽核要項與風險類別的對應情況，因此可檢驗該內部控制是有機會解決此類行動支付風險。最終發展出一份行動支付風險管理與稽核手冊，由手冊中的檢核表，輔以CMMI模型，可作為企業自我評估行動支付環境下的風險是否有相關的內控有效地管理，同時識別出其內控及風險管理上的薄弱環節並作改善。後續透過個案研究的方式進行實務上的驗證，訪談過程中除了了解到個案公司在因應行動支付所採行的風險內部控制及稽核作法，更進一步地驗證本機制於個案公司實務上運用的可行性。

This studystartsfrom exploring the mobile payment risks. Further, developing a risk management and auditing mechanism for organizationunder mobile payment environment. To ensure that organization’s risk controlsare well-designed and effective implementation.Gowin’sVee model is adopted in the research strategy. Through literature review and the Delphi expert questionnaire, this studyconstructsand revisesa number of risk factorsand audit items under the mobile payment environment.Total are86 risk factors and 158 audit items. Then classificationsof risk factors relyupon the cross-risk of enterprise from the Research Central of Economics. Further identify these items corresponding to risk categories. This studycan be illustratedthat the internal controlshavethe opportunity resolvethetype of mobile payment risks,finally buildsa manual of mobile payment risk management and audit. By the checklist in manual, plus CMMImodel,organizationscanexecute self-assessment risk whether haverelatedinternal controlsto effectivemanagement.Afterwards, thesemechanismsinspect through a practical case to verify.In the interview,the inspection is understoodnot only the internal controlsand audit approachin response to mobile payment, but also revealsfeasibility of the mechanismson the practical usageby theG digital enterprise of technology.