审计学毕业论文外文文献及翻译

（（英文参考文献及译文）二〇一六年六月本科毕业论文 题 目：STATISTICAL SAMPLING METHOD, USED INTHE AUDIT学生姓名：王雪琴学 院：管理学院系 别：会计系专 业：财务管理班 级：财管12-2班 学校代码： 10128 学 号： 201210707016Statistics and AuditRomanian Statistical Review nr. 5 / 2010STATISTICAL SAMPLING METHOD, USED IN THE AUDIT - views, recommendations, fi ndingsPhD Candidate Gabriela-Felicia UNGUREANUAbstractThe rapid increase in the size of U.S. companies from the earlytwentieth century created the need for audit procedures based on the selectionof a part of the total population audited to obtain reliable audit evidence, tocharacterize the entire population consists of account balances or classes oftransactions. Sampling is not used only in audit – is used in sampling surveys,market analysis and medical research in which someone wants to reach aconclusion about a large number of data by examining only a part of thesedata. The difference is the “population” from which the sample is selected, iethat set of data which is intended to draw a conclusion. Audit sampling appliesonly to certain types of audit procedures.Key words: sampling, sample risk, population, sampling unit, tests ofcontrols, substantive procedures.Statistical samplingCommittee statistical sampling of American Institute of CertifiedPublic Accountants of (AICPA) issued in 1962 a special report, titled“Statistical sampling and independent auditors’ which allowed the use ofstatistical sampling method, in accordance with Generally Accepted AuditingStandards (GAAS). During 1962-1974, the AICPA published a series of paperson statistical sampling, “Auditor’s Approach to Statistical Sampling”, foruse in continuing professional education of accountants. During 1962-1974,the AICPA published a series of papers on statistical sampling, “Auditor’sApproach to Statistical Sampling”, for use in continuing professional educationof accountants. In 1981, AICPA issued the professional standard, “AuditSampling”, which provides general guidelines for both sampling methods,statistical and non-statistical.Earlier audits included checks of all transactions in the period coveredby the audited financial statements. At that time, the literature has not givenparticular attention to this subject. Only in 1971, an audit procedures programprinted in the “Federal Reserve Bulletin (Federal Bulletin Stocks)” includedseveral references to sampling such as selecting the “few items” of inventory.Statistics and Audit The program was developed by a special committee, which later became the AICPA, that of Certified Public Accountants American Institute.In the first decades of last century, the auditors often applied sampling, but sample size was not in related to the efficiency of internal control of the entity. In 1955, American Institute of Accountants has published a study case of extending the audit sampling, summarizing audit program developed by certified public accountants, to show why sampling is necessary to extend the audit. The study was important because is one of the leading journal on sampling which recognize a relationship of dependency between detail and reliability testing of internal control.In 1964, the AICPA’s Auditing Standards Board has issued a report entitled “The relationship between statistical sampling and Generally Accepted Auditing Standards (GAAS)” which illustrated the relationship between the accuracy and reliability in sampling and provisions of GAAS.In 1978, the AICPA published the work of Donald M. Roberts,“Statistical Auditing”which explains the underlying theory of statistical sampling in auditing.In 1981, AICPA issued the professional standard, named “Audit Sampling”, which provides guidelines for both sampling methods, statistical and non-statistical.An auditor does not rely solely on the results of a single procedure to reach a conclusion on an account balance, class of transactions or operational effectiveness of the controls. Rather, the audit findings are based on combined evidence from several sources, as a consequence of a number of different audit procedures. When an auditor selects a sample of a population, his objective is to obtain a representative sample, ie sample whose characteristics are identical with the population’s characteristics. This means that selected items are identical with those remaining outside the sample.In practice, auditors do not know for sure if a sample is representative, even after completion the test, but they “may increase the probability that a sample is representative by accuracy of activities made related to design, sample selection and evaluation” [1]. Lack of specificity of the sample results may be given by observation errors and sampling errors. Risks to produce these errors can be controlled.Observation error (risk of observation) appears when the audit test did not identify existing deviations in the sample or using an inadequate audit technique or by negligence of the auditor.Sampling error (sampling risk) is an inherent characteristic of the survey, which results from the fact that they tested only a fraction of the total population. Sampling error occurs due to the fact that it is possible for Revista Română de Statistică nr. 5 / 2010Statistics and Auditthe auditor to reach a conclusion, based on a sample that is different from the conclusion which would be reached if the entire population would have been subject to audit procedures identical. Sampling risk can be reduced by adjusting the sample size, depending on the size and population characteristics and using an appropriate method of selection. Increasing sample size will reduce the risk of sampling; a sample of the all population will present a null risk of sampling.Audit Sampling is a method of testing for gather sufficient and appropriate audit evidence, for the purposes of audit. The auditor may decide to apply audit sampling on an account balance or class of transactions. Sampling audit includes audit procedures to less than 100% of the items within an account balance or class of transactions, so all the sample able to be selected. Auditor is required to determine appropriate ways of selecting items for testing. Audit sampling can be used as a statistical approach and a non- statistical.Statistical sampling is a method by which the sample is made so that each unit consists of the total population has an equal probability of being included in the sample, method of sample selection is random, allowed to assess the results based on probability theory and risk quantification of sampling. Choosing the appropriate population make that auditor’ findings can be extended to the entire population.Non-statistical sampling is a method of sampling, when the auditor uses professional judgment to select elements of a sample. Since the purpose of sampling is to draw conclusions about the entire population, the auditor should select a representative sample by choosing sample units which have characteristics typical of that population. Results will not extrapolate the entire population as the sample selected is representative.Audit tests can be applied on the all elements of the population, where is a small population or on an unrepresentative sample, where the auditor knows the particularities of the population to be tested and is able to identify a small number of items of interest to audit. If the sample has not similar characteristics for the elements of the entire population, the errors found in the tested sample can not extrapolate.Decision of statistical or non-statistical approach depends on the auditor’s professional judgment which seeking sufficient appropriate audits evidence on which to completion its findings about the audit opinion.As a statistical sampling method refer to the random selection that any possible combination of elements of the community is equally likely to enter the sample. Simple random sampling is used when stratification was not to audit. Using random selection involves using random numbers generated byRomanian Statistical Review nr. 5 / 2010Statistics and Audit a computer. After selecting a random starting point, the auditor found the first random number that falls within the test document numbers. Only when the approach has the characteristics of statistical sampling, statistical assessments of risk are valid sampling.In another variant of the sampling probability, namely the systematic selection (also called random mechanical) elements naturally succeed in office space or time; the auditor has a preliminary listing of the population and made the decision on sample size. “The auditor calculated a counting step, and selects the sample element method based on step size. Step counting is determined by dividing the volume of the community to sample the number of units desired. Advantages of systematic screening are its usability. In most cases, a systematic sample can be extracted quickly and method automatically arranges numbers in successive series.”[2].Selection by probability proportional to size - is a method which emphasizes those population units’recorded higher values. The sample is constituted so that the probability of selecting any given element of the population is equal to the recorded value of the item;Stratifi ed selection - is a method of emphasis of units with higher values and is registered in the stratification of the population in subpopulations. Stratification provides a complete picture of the auditor, when population (data table to be analyzed) is not homogeneous. In this case, the auditor stratifies a population by dividing them into distinct subpopulations, which have common characteristics, pre-defined. “The objective of stratification is to reduce the variability of elements in each layer and therefore allow a reduction in sample size without a proportionate increase in the risk of sampling.” [3] If population stratification is done properly, the amount of sample size to come layers will be less than the sample size that would be obtained at the same level of risk given sample with a sample extracted from the entire population. Audit results applied to a layer can be designed only on items that are part of that layer.I appreciated as useful some views on non-statistical sampling methods, which implies that guided the selection of the sample selecting each element according to certain criteria determined by the auditor. The method is subjective; because the auditor selects intentionally items containing set features him.The selection of the series is done by selecting multiple elements series (successive). Using sampling the series is recommended only if a reasonable number of sets used. Using just a few series there is a risk that the sample is not representative. This type of sampling can be used in addition to other samples, where there is a high probability of occurrence of errors. At the arbitrary selection, no items are selected preferably from the auditor, Revista Română de Statistică nr. 5 / 2010Statistics and Auditthat regardless of size or source or characteristics. Is not the recommended method, because is not objective.That sampling is based on the auditor’s professional judgment, which may decide which items can be part or not sampled. Because is not a statistical method, it can not calculate the standard error. Although the sample structure can be constructed to reproduce the population, there is no guarantee that the sample is representative. If omitted a feature that would be relevant in a particular situation, the sample is not representative.Sampling applies when the auditor plans to make conclusions about population, based on a selection. The auditor considers the audit program and determines audit procedures which may apply random research. Sampling is used by auditors an internal control systems testing, and substantive testing of operations. The general objectives of tests of control system and operations substantive tests are to verify the application of pre-defined control procedures, and to determine whether operations contain material errors.Control tests are intended to provide evidence of operational efficiency and controls design or operation of a control system to prevent or detect material misstatements in financial statements. Control tests are necessary if the auditor plans to assess control risk for assertions of management.Controls are generally expected to be similarly applied to all transactions covered by the records, regardless of transaction value. Therefore, if the auditor uses sampling, it is not advisable to select only high value transactions. Samples must be chosen so as to be representative population sample.An auditor must be aware that an entity may change a special control during the course of the audit. If the control is replaced by another, which is designed to achieve the same specific objective, the auditor must decide whether to design a sample of all transactions made during or just a sample of transactions controlled again. Appropriate decision depends on the overall objective of the audit test.Verification of internal control system of an entity is intended to provide guidance on the identification of relevant controls and design evaluation tests of controls.Other tests:In testing internal control system and testing operations, audit sample is used to estimate the proportion of elements of a population containing a characteristic or attribute analysis. This proportion is called the frequency of occurrence or percentage of deviation and is equal to the ratio of elements containing attribute specific and total number of population elements. WeightRomanian Statistical Review nr. 5 / 2010Statistics and Audit deviations in a sample are determined to calculate an estimate of the proportion of the total population deviations.Risk associated with sampling - refers to a sample selection which can not be representative of the population tested. In other words, the sample itself may contain material errors or deviations from the line. However, issuing a conclusion based on a sample may be different from the conclusion which would be reached if the entire population would be subject to audit.Types of risk associated with sampling:Controls are more effective than they actually are or that there are not significant errors when they exist - which means an inappropriate audit opinion. Controls are less effective than they actually are that there are significant errors when in fact they are not - this calls for additional activities to establish that initial conclusions were incorrect.Attributes testing - the auditor should be defining the characteristics to test and conditions for misconduct. Attributes testing will make when required objective statistical projections on various characteristics of the population. The auditor may decide to select items from a population based on its knowledge about the entity and its environment control based on risk analysis and the specific characteristics of the population to be tested.Population is the mass of data on which the auditor wishes to generalize the findings obtained on a sample. Population will be defined compliance audit objectives and will be complete and consistent, because results of the sample can be designed only for the population from which the sample was selected.Sampling unit - a unit of sampling may be, for example, an invoice, an entry or a line item. Each sample unit is an element of the population. The auditor will define the sampling unit based on its compliance with the objectives of audit tests.Sample size - to determine the sample size should be considered whether sampling risk is reduced to an acceptable minimum level. Sample size is affected by the risk associated with sampling that the auditor is willing to accept it. The risk that the auditor is willing to accept lower, the sample will be higher.Error - for detailed testing, the auditor should project monetary errors found in the sample population and should take into account the projected error on the specific objective of the audit and other audit areas. The auditor projects the total error on the population to get a broad perspective on the size of the error and comparing it with tolerable error.For detailed testing, tolerable error is tolerable and misrepresentations Revista Română de Statistică nr. 5 / 2010Statistics and Auditwill be a value less than or equal to materiality used by the auditor for the individual classes of transactions or balances audited. If a class of transactions or account balances has been divided into layers error is designed separately for each layer. Design errors and inconsistent errors for each stratum are then combined when considering the possible effect on the total classes of transactions and account balances.Evaluation of sample results - the auditor should evaluate the sample results to determine whether assessing relevant characteristics of the population is confirmed or needs to be revised.When testing controls, an unexpectedly high rate of sample error may lead to an increase in the risk assessment of significant misrepresentation unless it obtained additional audit evidence to support the initial assessment. For control tests, an error is a deviation from the performance of control procedures prescribed. The auditor should obtain evidence about the nature and extent of any significant changes in internal control system, including the staff establishment.If significant changes occur, the auditor should review the understanding of internal control environment and consider testing the controls changed. Alternatively, the auditor may consider performing substantive analytical procedures or tests of details covering the audit period.In some cases, the auditor might not need to wait until the end audit to form a conclusion about the effectiveness of operational control, to support the control risk assessment. In this case, the auditor might decide to modify the planned substantive tests accordingly.If testing details, an unexpectedly large amount of error in a sample may cause the auditor to believe that a class of transactions or account balances is given significantly wrong in the absence of additional audit evidence to show that there are not material misrepresentations.When the best estimate of error is very close to the tolerable error, the auditor recognizes the risk that another sample have different best estimate that could exceed the tolerable error.ConclusionsFollowing analysis of sampling methods conclude that all methods have advantages and disadvantages. But the auditor is important in choosing the sampling method is based on professional judgment and take into account the cost / benefit ratio. Thus, if a sampling method proves to be costly auditor should seek the most efficient method in view of the main and specific objectives of the audit.Romanian Statistical Review nr. 5 / 2010Statistics and Audit The auditor should evaluate the sample results to determine whether the preliminary assessment of relevant characteristics of the population must be confirmed or revised. If the evaluation sample results indicate that the relevant characteristics of the population needs assessment review, the auditor may: require management to investigate identified errors and likelihood of future errors and make necessary adjustments to change the nature, timing and extent of further procedures to take into account the effect on the audit report.Selective bibliography:[1] Law no. 672/2002 updated, on public internal audit[2] Arens, A şi Loebbecke J - Controve …Audit– An integrate approach”, 8th edition, Arc Publishing House[3] ISA 530 - Financial Audit 2008 - International Standards on Auditing, IRECSON Publishing House, 2009- Dictionary of macroeconomics, Ed C.H. Beck, Bucharest, 2008Revista Română de Statistică nr. 5 / 2010Statistics and Audit摘要美国公司的规模迅速增加，从第二十世纪初创造了必要的审计程序，根据选定的部分总人口的审计，以获得可靠的审计证据，以描述整个人口组成的帐户余额或类别的交易。

盛年不重来，一日难再晨。

及时宜自勉，岁月不待人。

Independent audit risk analysis and preventive measures AbstractPrevious studies have utilized a variety of approaches to determine appropriate criteria to evaluate the effectiveness of the internal audit function. For example, considered the degree of compliance with standards as one of the factors which affects internal audit performance. A 1988 research report from the IIA-United Kingdom（IIA-UK，1988）focused on the perceptions of both senior management and external auditors of the value of the internal audit function. The study identified the difficulty of measuring the value of services provided as a major obstacle to such an evaluation. Profitability, cost standards and the effectiveness of resource utilization were identified as measures of the value of services. In its recommendations it highlighted the need to ensure that audit work complies with SPPIA.In the US, Albrecht et al.(1988)studied the roles and benefits of the internal audit function and developed a framework for the purpose of evaluating internal audit effectiveness. They found that there were four areas that the directors of internal audit departments could develop to enhance effectiveness: an appropriate corporate environment, top management support, high quality internal audit staff and high quality internal audit work. The authors stressed that management and auditors should recognize the internal audit function as a value-adding function to the organization. In the UK, Ridley and D’Silva (1997) identified the importance of complying with professional standards as the most important contributor to the internal audit function adding value.Key wordsAudit,Risk, Internal Control, AuditingCompliance with SPPIAA number of studies have focused on the SPPIA standard concerned with independence.Clark et al.(1981) found that the independence of the internal audit department and the level of authority to which internal audit staff report were the two most important criteria influencing the objectivity of their work. Plumlee (1985) focused on potential threats to internal auditor objectivity,particularly whether participation in the design of an internal control system influenced judgements as to the quality and effectiveness of that system. Plumlee found that such design involvement produced bias that could ultimately threaten objectivity.The relationship between the internal audit function and company management more generally is clearly an important factor in determining internal auditor objectivity. Harrell et al. (1989) suggested that perceptions of the views and desires of management could influence the activities and judgement of internal auditors. Also, they found that internal auditors who were members of the IIA were less likely to succumb to such pressure.Ponemon (1991) examined the question of whether or not internal auditors will report sensitive issues uncovered during the course of their work. He concluded that the three factors affecting internal auditor objectivity were their social position in the organization, their relationship with management and the existence of a communication channel to report wrongdoing.The independence of internal audit departmentsCommentators and standard setters identify independence as being a key attribute of the internal audit department. From the questionnaire responses 60 (77%) of the internal audit departments stated that there was a written document defining the purpose, authority and responsibility of the department. In nearly all instances where there was such a document the terms of reference of the internal audit department had been agreed by senior management (93%), the document identified the role of the internal audit department in the organization, and its rights of access to individuals, records and assets (97%), and the document set out the scope of internal auditing (90%). Respondents were asked to assess the extent to which the relevant document was consistent with the specific requirements of SPPIA. In those departments where such a document existed 27 (45%) claimed full compliance with SPPIA, 23 (38%) considered their document to be partially consistent with SPPIA. In more than one-third of the departments surveyed either no such document existed (n=18,23%) or the respondent was not aware whether or not the document complied with SPPIA (n=10, 13%).SPPIA suggests that independence is enhanced when the organization’s board of directors concurs with the appointment or removal of the director of the internal audit department, and that the director of the internal audit department is responsible to an individual of suitable seniority within the organization. It is noticeable that in 47 companies (60%) their responsibilities with regard to appointment, removal and the receipt of reports lay with non-senior management, normally a general manager. SPPIA recommends that the director of the internal audit department should have direct communication with the board of directors to ensure that the department is independent, and provides a means for the director of internal auditing and the board of directors to keep each other informed on issues of mutual interest. The interviews with directors of internal audit departments showed that departments tended to report to general managers rather than the board of directors. Further evidence of the lack of access to the board of directors was provided by the questionnaire responses showing that in almost half the companies, members of the internal audit department have never attended board meetings and in only two companies did attendance take place regularly.Unrestricted access to documentation and unfettered powers of enquiry are important aspects of the independence and effectiveness of internal audit. The questionnaire responses revealed that 34 (44%) internal audit directors considered that they did not have full access to all necessary information. Furthermore, a significant minority (n=11, 14%) did not believe they were free, in all instances, to report faults, frauds, wrongdoing or mistakes. A slightly higher number (n=17, 22%) considered that the internal audit function did not always receive consistent support from senior management.SPPIA identifies that involvement in the design, installation and operating of systems is likely to impair internal auditor objectivity. Respondents were asked how often management requested the assistance of the internal audit department in the performance of non-audit duties. In 37 internal auditdepartments (47%) surveyed such requests were made sometimes, often or always, and only 27 (35%) departments never participated in these non-audit activities. The interviews revealed that in some organizations internal audit staff was used regularly to cover for staff shortages in other departments.Woodworth and Said (1996)sought to ascertain the views of internal auditors in Saudi Arabia as to whether there were differences in the reaction of auditees to specific internal audit situations according to the nationality of the auditee. Based on 34 questionnaire responses from members of the IIA Dhahran chapter, they found there were no significant differences between the different nationalities. The internal auditors did not modify their audit conduct according to the nationality of the auditee and cultural dimensions did not have a significant impact on the results of the audit.Given the importance of complying with SPPIA, the professional and academic literature emphasizes the importance of the relationship between the internal audit department and the rest of the organization in determining the success or otherwise of internal audit departments (Mints,1972;Flesher,1996;Ridley & Chambers,1998 and Moeller & Witt,1999). This literature focuses on the need for co-operation and teamwork between the auditor and auditee if internal auditing is to be effective.Bethea (1992) suggests that the need f or good human relations’ skills is important because internal auditing creates negative perceptions and negative attitudes. These issues are particularly important in a multicultural business environment such as Saudi Arabia where there are significant differences in the cultural and educational background of the auditors and auditees Woodworth and Said (1996). Reasons for not having an internal audit departmentOf the 92 company interviews examining the reasons why companies do not have an internal audit function, the most frequent response from 52 companies (57%) was that reliance on the external auditor enabled the company to obtain the benefits that might be obtained from internal audit. Typically, interviewees argued that the external auditor is better, more efficient and saves money. Interviews with the external auditors revealed that client companies could notdistinguish clearly between the work and roles of internal and external audit. For example, one external auditor said,there is a misperception of what the external auditor does, they think the external auditor does everything for the company and must discover any problem.Having said this, one external auditor doubted that an internal audit function would add value in all circumstances. When referring to the internal control system he stated,as long as they are happy with the final output, I think the internal audit function will not add value. External auditing eventually will highlight any significant internal control weakness.The second most frequent reason mentioned by interviewees (23 firms, 25%) for not operating an internal audit department was the cost/benefit trade-off. Specifically, 17 firms considered that the small size of the company and the limited nature of its activities meant that it would not be efficient for them to have an internal audit department. The external auditors interviewed were of the opinion that the readily identifiable costs as compared with the more difficult to measure benefits was a factor contributing to this decision.A number of other reasons were given by interviewees for not having an internal audit department. As a consequence of the high costs of conducting internal audit activities, 14 firms used employees who were not within a separate internal audit department to carry out internal audit duties. Eight companies did not think there was a need for internal audit because they believed their internal control systems were sufficient to obviate the need for internal audit. Five companies did not think that internal audit was an important activity and three felt that their type of the business did not require internal audit. Three respondents mentioned that they did not operate an internal audit department because professional people could not be found to run the department, and six companies did not provide a reason for not having an internal audit department. In 10 companies an internal audit dInternal audit risks include the inherent risks and control risks. The inherent risks is the assumption that has nothing to do with internal accountingcontrols, the units being audited financial statements and the overall balance of the account of a business or the possibility of a major error, that is caused by the audit unit economic characteristics of business and accounting work itself the formation of the lack of audit risk. Some enterprises such as the lack of due attention to the accounting system, account system complex, reducing clarity of accounting information, reports, use of difficulty, cost, cost of lack of cost accounting concepts. Control risk refers to as a result of inadequate internal control system perfect, weak internal control behavior, not timely detection and correction of a business account or a major error in the formation of audit risk. Sometimes, even if the auditors audited units to confirm the internal control system is unreasonable or out of control in key areas, the amendments proposed by the audit can really suitable for operating activities, but will also create a risk amendment.First, the internal audit risk causes1. The independence of the internal audit agency enoughInternal audit body is set up units in institutions, in the unit under the leadership of the responsible persons to work as a unit of service. Therefore, the independence of internal audit as social audit, the audit process, inevitably affected the interests of the unit constraints. OIA staff faced with the unit leadership was among the leadership and the leadership of the relationship, as well as with various sections, the relationship between colleagues, people are not involved in the leadership of my colleagues is, non-directly related to also indirectly related to the audit process and conclusions will inevitably involve the interests of specific individuals, which inevitably affected the audit process for all categories of personnel interference.2. Internal audit operations personnel ill-equippedThe quality of auditors is to determine the size of audit risk factors. The quality of the audit including those engaged in the audit of the policies and regulations need to level of expertise, experience, skills, audit professional ethics and work responsibilities.Audit experience, the audit staff should have an important skill, the need for the audit practice of the accumulation of experience. China's internal audit staff, many people only familiar with the financial and accounting operations, some auditors do not understand the business activities of this unit and internal controls, audit limited experience. In addition, the internal audit staff responsibilities and professional ethics is the impact of audit risk factors. Because of China's internal guidelines for the work of norms and ethical standards still some gaps, and many internal organs and personnel lack of occupational norms bound and guidance. In short, China's overall quality of the low OIA staff and directly affected the internal audit work carried out by the depth and breadth. Faced with the complexity of today's OIA object and content development, internal audit staff and powerful single force book, which will directly lead to the selection of audit risk.3. Internal audit of the scientific method is not strongChina's system of internal audit is the basis of the audit, with the internal operation and management of environmental complicated models are not suited to carry out this audit internal management audit of the needs, because it is overly dependent on the internal management of enterprises controlled test, in itself a huge potential the risk of internal audit generally use statistical sampling methods, as a result of the sample itself is based on a sample audit of the results of the review can be inferred from the general characteristics, therefore, between the samples and the overall form is bound to a certain degree of error, the formation of audit sampling risk. With the degree of information technology improved, the audited accounting information will be more and more errors and false accounting information doped them, and failed to investigate the possibility of also increasing. Although the survey sample is built on the solid foundation of mathematical theory, but its existence is to allow a certain degree of audit risk. Similarly, a large number of analytical review will also have associated risks, so that the composition of the contents of audit risk is more complicated.4. Internal Audit management systemsInternal audit management system construction and implementation of internal audit is the prerequisite and foundation. Sound and effective internal management system to detect and control of enterprise economic activity occurring in a variety of errors and fraud. To ensure the quality of internal audit, internal audit organizations should establish a perfect quality control system, however, some audit institutions still lack of prior audit plan, a matter of auditing procedures and audit review of the reporting period; the audit working papers incomplete, generally only Records of audit matters, not the recording of audit staff that the correct audit matters, making the audit review, audit quality control no way; to coordinate the relationship between the audit report as a starting point to certain performance-based, qualitative ambiguous issues. More than the existence of the status quo, making the internal audit quality assurance become an empty talk, let alone ward off risks.Second, reduce the risk of internal audit ways1. Strengthen the internal audit of the legal systemImprove and perfect the legal system for the audit of internal audit is the basis of risk control measures. Audit norms, the audit staff code of conduct and guidelines, not only to control and reduce audit risk, but also to measure auditors liability standards. China's internal audit late start compared with Western countries in the relevant system-building there are many imperfections. In order to adapt to the continuous development of modern internal audit requirements, it is necessary to strengthen the audit work of legalization and standardization construction to minimize the audit work of blindness and randomness.2. To ensure the independence of internal auditThe independence of the internal auditor can make a fair and impartial professional judgment, which is appropriate to carry out the audit work is essential. The independence of internal audit bodies connotation should be reflected mainly in the form of independence and de facto independence in twoways. Formal independence requirements of internal audit in the organization of organizations with high status, the internal auditor should have access to senior management and board of directors support. Essentially refers to an independent internal audit staff in the spirit of the need to maintain the necessary independence, should be a fair and just manner and avoid conflicts of interest, in carrying out internal audit work, to maintain an honest belief in compliance with the Code of Ethics for the entire audit process does not make a significant compromise.Access to senior management and board of directors support. Essentially refers to an independent internal audit staff in the spirit of the need to maintain the necessary independence, should be a fair and just manner and avoid conflicts of interest, in carrying out internal audit work, to maintain an honest belief in compliance with the Code of Ethics for the entire audit process does not make a significant compromise.References:[1] Qiu Jia: On the internal audit and internal control relationship. Consumer Guide, 2008.2:84[2] Fan Wen-Yan ,etc: On the internal audit function of the advisory services. Network wealth 2008.06:52 ~ 53[3] Duan Lin: Internal Audit: Risk Management grasps. China's oil companies, 2007.12:31 ~ 33[4] Liu Li: Corporate Internal Audit Risk Analysis and Countermeasures to circumvent. Commercial accounting, 2008.12:46 ~ 47[4] Zhao Qing: Reduce the risk of internal audit ways. Xi'an University of Architecture and Technology Journal, 2008.02:17 ~ 20[5] Zhang Xiao-Lan,etc: internal audit risks and preventive measures. Leshan Teachers College Journal, 2007.08:52 ~ 53[6]Zhou Li-Qiong: enterprise internal audit risk management. Entrepreneurs world, 2007.10:77 ~ 80。

审计外文文献注册会计师审计拜因顿J R美国注册会计师协会独立审计的财务报表是最好的知名会计师事务所提供的服务之一，然而，它也是最不被理解的项目。

那些投资超过47万，公开举行的美国公司本身的股份超过14600的投资者从事注册会计师给予保证财务报表符合一般公的这些公司需要发行的财务报表。

认会计原则进而添加信誉，对管理的财务进行交涉。

独立审计的概念已经在越来越多成为的股东愿意投资并且在这个国家的企业的未来的关键要素。

会计师事务所已获得的专业知识，需要符合下列要求公司的财务报表的整体公平的专业意见:获得至少大专程度或同等程度的认可;通过严格的，正式的国家考试;并取得资格的注册会计师证书和国家许可证的具体经验。

注册会计师的独立性，客观性和完整性是会计专业的基本原理的进一步指导。

之前，投资者或者其他利害关系人都能够依靠核数师的报告来决定投资多少，但是他们必须先获得的一般理解的审计是什么和它不是什么。

一、什么是审计基于审计的财务资料后，准备由核数师，但不管理。

核数师不会表达对可取的投资或贷款公司的管理能力的判断，但必须确保员工是诚实的和主管。

注册会计师采用先进的测试技术和专业判断，在既定标准的参数，以达到按照一般公认会计原则的财务报表的整体公平知情意见的要求。

虽然审计的目的不是为了发现所有欺诈，但是审计师需要设计审核，以提供合理的保证，在财务报表中存在的重大错误或违规行为被发现。

二、审计的特点对于注册会计师来说审查财务报表中记录的所有交易几乎是不可能的。

核数师通常根据他或她的意见，选择测试使用采样技术。

审计提供保证财务报表重大错报，而不是绝对精度的保证，通常是基于经济和合理的水平。

对于之前形成的意见，审计师必须考虑公司的内部控制结构，分为控制环境，会计制度和控制程序。

核数师使用这方面的知识，在财务报表重大错报风险的识别和设计程序，以降低风险。

核数师在所有审计的规划和最后审查阶段也需要使用的分析方法，这是对于财务信息的评价。

审计论文的参考文献审计论文的参考文献审计是由国家授权或接受委托的专职机构和人员，依照国家法规、审计准则和会计理论，运用专门的方法，对被审计单位的财政、财务收支、经营管理活动及其相关资料的真实性、正确性、合规性、合法性、效益性进行审查和监督，评价经济责任，鉴证经济业务，用以维护财经法纪、改善经营管理、提高经济效益的一项独立性的经济监督活动。

下面是一些关于审计论文的参考文献介绍，希望对大家有所帮助。

审计论文的.参考文献 1[1]崔振龙.国家审计职责及其发展展望[J].审计研究,2004(01) : 36-39[2]陈明坤.关于审计报告制度的问题探讨[J].财务会计,2007(09) : 172-174[3]陈太辉,杨明月.审计取证的思维流程和思维要素研究[J].审计研究,2011(06):9-15[4]董大胜.中国国家审计[M].北京:中国时代经济出版社,2005[5]李金华.预算执行情况审计[M].北京:中国审计出版社,1995[6]李金华.审计理论研究[M].北京:中国审计出版社,2001[7]李金华.国家审计是国家治理的工具[J].财经,2004(01) : 1-5[8]刘家义.世界主要国家审计制度的比较与思考[J].中国审计,2004(21) : 5-10[9]刘力云.论强化审计机关的国有企业审计职责[J]审计研究,2005(04) : 23-29[10]中央预算执行和其他财政收支情况的审计工作报告[R].1995-2013[11]秦荣生.公共受托经济责任审计与我国国家审计改革[J].审计研究,2004(06):[12]吴秋生.国家审计职责研究[M].北京:中国财政经济出版社,2007(08) : 260-274[13]石爱中.现行体制下国家审计法制谠论[J].审计研究,2004(01) : 67-81[14]文硕着.世界审计史(第二版)[M].北京:企业管理出版社,1996[15]肖振东.从审计工作报告看国家审计发展[J].审计研究,2013(05) : 17-22[16]肖振东.略论审计工作报告的功能与特点[N].中国审计报,2014(05) : 1-2[17]尹平.国家审计理论与实务[M].北京:北京时代经济出版社,2008审计论文的参考文献 2[1]黄溶冰,段明利.公司诉讼风险与关键审计事项文本相似度[J/OL].南京审计大学学报:1-11[2022-10-17]./kcms/detail/32.1867.F.20221014.1711.01 0.html[2]王家华,汪晨.普惠金融政策落实跟踪审计研究——基于三维视角[J/OL].财会月刊:1-7[2022-10-17]./kcms/detail/42.1290.f.20220927.2150.020 .html[3]张夏恒,王露霖.“传统基建”到“新基建”中的审计方式沿袭与创新[J/OL].财会通讯:1-6[2022-10-17].DOI:10.16144/ki.issn1002-8072.20220927.001.[4]万华.基于委托代理理论的外部审计独立性分析——以U公司为例[J/OL].财会通讯:1-6[2022-10-17].DOI:10.16144/ki.issn1002-8072.20220915.001.[5]刘国城,周浥宁.云审计平台的研究态势、运行机制与保障策略研究[J].财会通讯,2022(17):12-17+26.DOI:10.16144/ki.issn1002-8072.2022.17.030.[6]徐京平,朱哲茹.大数据审计：发展逻辑、要素解构与演进路径[J].财会通讯,2022(17):18-26.DOI:10.16144/ki.issn1002-8072.2022.17.003.[7]李杉杉.自然资源资产离任审计问题探讨[J].财会通讯,2022(17):118-122.DOI:10.16144/ki.issn1002-8072.2022.17.025.[8]汪芳.大数据环境下全息交互智慧审计体系研究——以中国移动为例[J].财会通讯,2022(17):148-152.DOI:10.16144/ki.issn1002-8072.2022.17.018.[9]盛钧俣.审计监督与竞争审查的互动关系研究[J].商业经济,2022(10):161-163.DOI:10.19905/ki.syjj1982.2022.10.042.[10]顾宝梅,何飞.关于加强基层审计机关人才队伍建设的几点思考[J].现代审计与会计,2022(09):4-6.[11]李一明.“十四五”时期加强基层经济责任审计的导向与路径[J].现代审计与会计,2022(09):7-9.[12]虞勇.以研究型审计为抓手助力审计质量提升[J].现代审计与会计,2022(09):10-11+38.[13]刘颖.产业引导基金审计存在的问题浅析[J].现代审计与会计,2022(09):14-16.[14]唐文杰,张顺,沈玉净.审计师更换与双审计意见购买——基于整合审计视角[J].会计之友,2022(17):141-147.[15]王颖,顾颖.“双碳”背景下碳审计的思考[J].会计之友,2022(18):87-92.[16]李学伟.领导干部考评视角下强化经济责任审计及成果应用的策略探析[J].领导科学,2022(09):146-149.DOI:10.19572/ki.ldkx.2022.09.006.[17]张艳玲.风险导向内部审计在经济责任审计中的运用探析[J].时代经贸,2022,19(08):66-68.DOI:10.19463/ki.sdjm.2022.08.016.[18]葛晓萌.高职院校审计实践教学改革创新研究——以H高职为例[J].产业与科技论坛,2022,21(17):133-134.[19]侯新,张津铖,宋波.关于高校审计学课程思政教学改革的探讨[J].对外经贸,2022(08):136-138.[20]苏秀娟.注册会计师审计风险控制与防范[J].财富时代,2022(08):93-95.[21]熊宇昊.国家审计本质再认识——基于国家审计结果公告的扎根研究[J].湖南工业大学学报(社会科学版),2022,27(04):59-68.[22]赵俊童.区块链在企业内部审计中的应用[J].合作经济与科技,2022(18):117-119.DOI:10.13665/ki.hzjjykj.2022.18.023.[23]张明.高职院校内部审计探析[J].合作经济与科技,2022(18):120-122.DOI:10.13665/ki.hzjjykj.2022.18.026.[24]刘亚平.经济内循环视域下的国家审计制度变革与发展[J].广东经济,2022(08):68-71.[25]李娜.新时期企业内部控制审计问题研究[J].老字号品牌营销,2022(16):134-136.[26]孟幸芬.新时期集团公司内部审计问题及优化对策研究[J].老字号品牌营销,2022(16):146-148.[27]王偲如.新形势下企业内部审计问题研究[J].老字号品牌营销,2022(16):155-157.[28]尹兰香,张洋海.信息化环境下高校智慧审计监控系统的构建[J].台州学院学报,2022,44(04):62-67.DOI:10.13853/ki.issn.1672-3708.2022.04.011.[29]禹淑凤.现代医院管理制度下公立医院内部审计优化[J].行政事业资产与财务,2022(15):99-101.[30]焦海霞,乔鹏翔,林萌萌.建筑工程项目全过程跟踪审计研究[J].安徽建筑,2022,29(08):185-186.DOI:10.16330/ki.1007-7359.2022.08.078.[31]王晓昆.浅谈企业内部审计如何应对信息化环境的挑战[J].现代商业,2022(23):162-165.DOI:10.14097/ki.5392/2022.23.003.[32]马秀敏.大数据背景下内部审计创新的必要性及路径分析[J].现代商业,2022(23):175-177.DOI:10.14097/ki.5392/2022.23.004.[33]苗青.浅谈国有企业的审计责任与实施路径[J].现代商业,2022(23):178-180.DOI:10.14097/ki.5392/2022.23.009.[34]牛蒙军.行政事业单位经济责任审计探析[J].行政事业资产与财务,2022(15):90-92.[35]黄玮.二级公立医院内部审计廉政风险点及管控探究[J].行政事业资产与财务,2022(15):93-95.[36]王亚平.新常态下医院审计工作存在的问题与策略研究[J].行政事业资产与财务,2022(15):96-98.[37]姚彦如.物资采购审计方式探究[J].中国市场,2022(23):142-144.DOI:10.13939/ki.zgsc.2022.23.142.[38]米兰萱.内部审计在公司治理中的作用和对外部审计费用的影响[J].中国市场,2022(23):151-153.DOI:10.13939/ki.zgsc.2022.23.151.[39]张姝谨.注册会计师审计独立性与审计风险研究——以立信会计师事务所、瑞华会计师事务所为例[J].中国市场,2022(23):154-156.DOI:10.13939/ki.zgsc.2022.23.154.[40]蔡琼.关于加强企业内部审计的一些思考[J].中国市场,2022(23):169-171.DOI:10.13939/ki.zgsc.2022.23.169.[41]胡雅妮.浅谈企业经济合同审计[J].中国市场,2022(24):118-120.DOI:10.13939/ki.zgsc.2022.24.118.[42]王坤荣.试论深化经济责任审计若干问题的思考方式[J].中国市场,2022(24):159-161.DOI:10.13939/ki.zgsc.2022.24.159.[43]张宸瑞.审计信息化能力解构与提升策略探讨[J].现代商贸工业,2022,43(19):246-248.DOI:10.19311/ki.1672-3198.2022.19.110.[44]徐心艺.基于风险导向与战略管理的国有企业内部审计策略研究[J].现代商贸工业,2022,43(20):133-135.DOI:10.19311/ki.1672-3198.2022.20.059.[45]王宇平.审计机构执业质量提升探讨[J].财会通讯,2022(17):128-131.DOI:10.16144/ki.issn1002-8072.20220812.002.[46]付志强.新形势下经济责任审计全覆盖的实现路径研究[J].财会学习,2022(23):114-117.[47]钱春强.公立医院内部审计风险及防范策略分析[J].财会学习,2022(23):121-123.[48]康雅芳.企业内部审计与外部审计的关系与协调[J].产业创新研究,2022(15):175-177.[49]朱金龙,汤晓燕,刘宝财.基于精益质量管理模型的审计现场质量控制标准化路径探索——以浙江湖州审计实践为例[J].财政监督,2022(16):77-82.[50]王婷.大数据背景下企业内部审计创新对策[J].技术与市场,2022,29(08):193-194.。

浙江万里学院商学院会计专业，2012级1班马彦会计系2011010669丁悦 学生姓名 专业班级 指导教师 系 别 学生学号 毕业论文外文文献译文外文文献译文标题：浅析内部审计风险的成因及解决途径资料来源: Qiu Jia: On the internal audit and internal control relationship.ConsumerGuide,2008.2:84 作者：Qiu Jia内部审计风险包括固有风险和控制风险。

固有风险是指在假定与内部会计控制无关的情况下，被审计单位整体财务报表和各账户余额或某项业务发生重大差错的可能性，即由于被审计单位经济业务的特点和会计核算工作本身的不足而形成的审计风险。

如某些企业缺乏对会计制度应有的重视，账户体系庞杂、会计信息明晰性降低，报表利用困难，成本、费用缺乏成本核算概念等。

控制风险是指由于被审单位内部控制制度不够健全完善，内部控制行为不力，不能及时发现和纠正某个账户或某种业务中的重大错误而形成的审计风险。

有时即使审计人员确认被审计单位的内部控制制度不合理或在关键环节上失控，其提出的修正建议能否真正适合被审计单位的经营活动，也会形成一种修正风险。

一、内部审计风险形成的原因1.内部审计机构的独立性不够内部审计机构是单位内设机构，在单位负责人的领导下开展工作，为单位服务。

因此，内部审计的独立性不如社会审计，在审计过程中，不可避免地受本单位的利益制约。

内审人员面临的是与单位领导层之间的领导与被领导的关系以及与各科室、部门之间的同事关系，所涉及的人不是领导就是同事，非直接有关也是间接相关，审计过程及结论必然涉及到具体的个人利益，因而审计过程难免受到各类人员干扰。

2.内部审计人员的业务不精审计人员素质的高低是决定审计风险大小的主要因素。

审计人员的素质包括从事审计需要的政策法规水平、专业知识、经验、技能、审计职业道德和工作责任。

审计经验是审计人员应有的一种重要技能，审计经验需要实践的积累。

大数据、云计算技术与审计外文文献翻译最新译文毕业设计附件外文文献翻译：原文+译文文献出处：Chaudhuri S. Big data，cloud computing technology and the audit[J]. IT Professional Magazine, 2016, 2(4): 38-51.原文Big data，cloud computing technology and the auditChaudhuri SAbstractAt present, large data along with the development of cloud computing technology, is a significant impact on global economic and social life. Big data and cloud computing technology to modern audit provides a new technology and method of auditing organizations and audit personnel to grasp the big data, content and characteristics of cloud computing technology, to promote the further development of the modern audit technology and method.Keywords: big data, cloud computing technology, audit, advice1 Related concept1.1 Large dataThe word "data" (data) is the meaning of "known" in Latin, can also be interpreted as "fact”. In 2009, the concept of “big data” gradually begins to spread in society. The conce pt of "big data" truly become popular, it is because the Obama administration in 2012 high-profile announced its "big data research and development plan”. It marks the era of "big data" really began to enter the social economic life.” Big data" (bigdata), or "huge amounts of data, refers to the amount of data involved too big to use the current mainstream software tools, in a certain period of time to realize collection, analysis, processing, or converted to help decision-makers decision-making information available. Internet data center (IDC) said "big data" is for the sake of more economical, more efficient from high frequency, large capacity, different structures and types of data to derive value and design of a new generation of architecture and technology, and use it to describe and define the information explosion times produce huge amounts of data, and name the related technology development and innovation. Big data has four characteristics: first, the data volume is huge, jumped from TB level to the level of PB.Second, processing speed, the traditionaldata mining technology are fundamentally different. Third, many data types’pictures, location information, video, web logs, and other forms. Fourth, the value of low density, high commercial value.1.2 Cloud computing"Cloud computing" concept was created in large Internet companies such as Google and IBM handle huge amounts of data in practice. On August 9, 2006, Google CEO Eric Schmidt (Eric Schmidt) in the search engine assembly for the first time put forward the concept of "cloud computing”. In October 2007, Google and IBM began in the United States university campus to promote cloud computing technology plan, the project hope to reduce the cost of distributed computing technology in academic research, and provide the related hardware and software equipment for these universities and technical support (Michael Mille, 2009).The world there are many about the definition of"cloud computing”.” Cloud computing" is the increase of the related services based on Internet, use and delivery mode, is through the Internet to provide dynamic easy extension and often virtualized resources. American national standards institute of technology (NIST) in 2009 about cloud computing is defined as: "cloud computing is a kind of pay by usage pattern, this pattern provides available, convenient, on-demand network access, enter the configurable computing resources Shared pool resources (including network, servers, storage, applications, services, etc.), these resources can be quick to provide, just in the management of the very few and or little interaction with service providers."1.3 The relationship between big data and cloud computingOverall, big data and cloud computing are complementary to each other. Big data mainly focus on the actual business, focus on "data", provide the technology and methods of data collection, mining and analysis, and emphasizes the data storage capacity. Cloud computing focuses on "computing", pay attention to IT infrastructure, providing IT solutions, emphasizes the ability to calculate, the data processing ability. If there is no large data storage of data, so the cloud computing ability strong again, also hard to find a place; If there is no cloud computing ability of data processing, the big data storage of data rich again, and ultimately, used in practice. From a technical point of view, large data relies on the cloud computing. Huge amounts of data storage technology, massive data management technology, graphs programming model is the key technology of cloud computing, are also big data technology base. And the data will be "big", themost important is the technology provided by the cloudcomputing platform. After the data is on the "cloud", broke the past their segmentation of data storage, more easy to collect and obtain, big data to present in front of people. From the focus, the emphasis of the big data and cloud computing. The emphasis of the big data is all sorts of data, broad, deep huge amounts of data mining, found in the data value, forcing companies to shift from "business-driven" for "data driven”. And the cloud is mainly through the Internet, extension, and widely available computing and storage resources and capabilities, its emphasis is IT resources, processing capacity and a variety of applications, to help enterprises save IT deployment costs. Cloud computing the benefits of the IT department in enterprise, and big data benefit enterprise business management department.2 Big data and cloud computing technology analysis of the influence of the audit2.1 Big data and cloud computing technology promote the development of continuous audit modeIn traditional audit, the auditor only after completion of the audited business audit, and audit process is not audit all data and information, just take some part of the audit. This after the event, and limited audit on the audited complex production and business operation and management system is difficult to make the right evaluation in time, and for the evaluation of increasingly frequent and complex operation and management activities of the authenticity and legitimacy is too slow. Along with the rapid development of information technology, more and more audit organization began to implement continuous audit way, to solve the problem of the time difference between audit results and economic activity. However, auditors for audit, often limited by current business conditions and information technology means,the unstructured data to digital, or related detail data cannot be obtained, the causes to question the judgment of the are no specific further and deeper. And big data and cloud computing technology can promote the development of continuous audit mode, make the information technology and big data and cloud computing technology is better, especially for the business data and risk control "real time" to demand higher specific industry, such as banking, securities, insurance industry, the continuous audit in these industries is imminent.2.2 Big data and cloud computing technology to promote the application of overall audit modeThe current audit mode is based on the evaluation of audit risk to implement sampling audit. In impossible to collect and analyze the audited all economic business data, the current audit modemainly depends on the audit sampling, from the perspective of the local inference as a whole, namely to extract the samples from working on the audit, and then deduced the whole situation of the audit object. The sampling audit mode, due to the limited sample drawn, and ignored the many and the specific business activity, the auditors cannot find and reveal the audited major fraud, hidden significant audit risks. Big data and cloud computing technology for the auditor, is not only a technical means are available, the technology and method will provide the auditor with the feasibility of implementing overall audit mode. Using big data and cloud computing technology, cross-industry, across the enterprise to collect and analysis of the data, can need not random sampling method, and use to collect and analyze all the data of general audit mode. Use of big data and cloud computing technology overall audit mode is to analyze all thedata related to the audit object allows the auditor to establish overall audit of the thinking mode; can make the modern audit for revolutionary change. Auditors to implement overall audit mode, can avoid audit sampling risk. If could gather all the data in general, you can see more subtle and in-depth information, deep analysis of the data in multiple perspectives, to discover the hidden details in the data information of value to the audit problem. At the same time, the auditor implement overall audit mode, can be found from the audit sampling mode can find problems.2.3 Big data and cloud computing technology for integrated application of the audit resultsAt present, the auditor audit results is mainly provided to the audit report of the audited, its format is fixed, single content, contains less information. As the big data and cloud computing technology is widely used in the audit, the auditor audit results in addition to the audit report, and in the process of audit collection, mining, analysis and processing of large amounts of information and data, can be provided to the audited to improve management, promote the integrated application of the audit results, improve the comprehensive application effect of the audit results. First of all, the auditor in the audit to obtain large amounts of data and related information of summary and induction, financial, business and find the inner rules of operation and management etc, common problems and development trend, through the summary induces a macroscopic and comprehensive strong audit information, to provide investors and other stakeholders audited data prove that, correlation analysis and decision making Suggestions, thus promoting the improvement of the audited management level. Second, auditorsby using big data and cloud computing technology can be the same problem in different category analysis and processing, from a differentAngle and different level of integration of refining to satisfy the needs of different levels. Again, the auditor will audit results for intelligent retained, by big data and cloud computing technology, to regulation and curing the problem in the system, in order to calculate or determine the problem developing trend, an early warning of the auditees.3 Big data and cloud computing technology promote the relationship between the applications of evidenceAuditors in the audit process should be based on sufficient and appropriate audit evidence audit opinion, and issue the audit report. However, under the big data and cloud computing environment, auditors are faced with both a huge amount data screening test, and facing the challenge of collecting appropriate audit evidence. Auditors when collecting audit evidence, the traditional thinking path is to collect audit evidence, based on the causal relationship between the big data analysis will be more use of correlation analysis to gather and found that the audit evidence. But from the perspective of audit evidence found, because of big data technology provides an unprecedented interdisciplinary, quantitative dimensions available, made a lot of relevant information to the audit records and analysis. Big data and cloud computing technology has not changed the causal relationship between things, but in the big data and cloud computing technology the development and use of correlation, makes the analysis of data dependence on causal logic relationship is reduced, and even more inclined to application based on the analysis of correlation data, on the basis ofcorrelation analysis of data validation is large, one of the important characteristics of cloud computing technology. In the big data and cloud computing environment, the auditor can collect audit evidence are mostly electronic evidence. Electronic evidence itself is very complex, and cloud computing technology makes it more difficult to obtain evidence of the causal. Auditors should collect from long-term dependence on cause and effect and found that the audit evidence, into a correlation is used to collect and found that the audit evidence.译文大数据、云计算技术与审计Chaudhuri S摘要目前，大数据伴随着云计算技术的发展，正在对全球经济社会生活产生巨大的影响。

毕业设计（论文）译文题目名称：（写译文题目)院系名称：班级：学号：学生姓名：指导教师：200×年×月风险导向审计研究(译文题目)Pie Pierce，B。

, Sweeney, B。

近几年来，审计行业面临的风险正在日益增大，国内外相继出现了一些会计舞弊事件，如：美国的“安然”、“施乐”,国内的“原野”、“琼民源”、“红光”等，审计人员由此涉及的案件也成千上万，赔偿的金额更难以估计,甚至有人称审计职业界进入了“诉讼爆炸"时代,一些会计师事务所因诉讼而倒闭或陷入困境，这使审计人员清醒地认识到,在商业竞争十分激烈的市场经济中，审计职业界所面临的商业风险已越来越大，审计职业必须设法降低这种商业风险水平。

为此，以美国为首的西方国家从20世纪80年代开始大规模地修订审计准则,在实践中产生了一种以风险评价为中心的审计模式，并在实务中得到广泛应用.一、风险导向审计产生的社会基础（一）高风险的审计执业环境是风险导向审计产生的直接原因。

众多企业的倒闭,已审报表的使用者将经营失败等同于审计失败。

他们认为企业濒临破产,注册会计师进行财务报表审计时就应提前发出警告，这样审计人员与公众期望的差距越来越大。

期望差距的加大，表明社会公众对审计的需求日益增加，为弥补审计期望差距就得寻找途径，主动出击,迎合这种需求，须承担一定的法律责任——即承担更大的查错防弊责任。

随着企业规模的不断扩大，业务的复杂化和计算机的应用，会计、审计业务趋于复杂;险恶的企业经营环境必然意味着严峻的、高风险的审计执业环境，因此迫切需要一种新的审计技术——风险导向审计。

（二）严格的法律环境是风险导向审计产生的外部驱动力。

现代社会在某种程度上是一种契约经济，各种契约界定人与人之间的关系，法律保护契约双方，一切纠纷的处理需通过法律的手段解决。

证券法对保护投资人利益的责任意识越来越强，因而当投资人的利益受到伤害时，被投资企业破产倒闭，投资人无力投资，债务人收回债务无望时，极有可能诉讼注册会计师。

审计风险外文文献(1)摘要审计风险是每一个企业都不可避免的存在，如何有效地对企业进行风险管理和风险评估，是企业在竞争激烈的市场经济中持续发展的关键。

本文研究了一些关于审计风险的外文文献，包括审计风险概念、审计风险评估方法、审计风险管理等方面，旨在为企业的管理者提供有益的参考。

正文1. Introduction随着市场经济的不断发展，企业日益面临着各种各样的风险，其中审计风险是一种不可忽视的风险。

审计是公司财务状况公开的重要手段，而审计风险则是指在审计过程中，会发现实际情况与财务报告不符或存在其他问题，这种风险不仅会对企业的财务状况产生影响，也会对企业的声誉产生负面影响。

2. 审计风险概念审计风险分为三个方面：检查风险、控制风险和依赖风险。

检查风险是指审核员未能检查到可疑交易或错误的信息。

控制风险是指公司的内部控制程序存在缺失，导致财务报告的准确性受到影响。

依赖风险是指报告使用者过度依赖于审计师提供的信息。

3. 审计风险评估方法审计风险评估是完整的审计过程的一部分，目的是评估审计风险的程度。

当确定企业的特定事件可能导致审计误差时，重要的是要确定风险的数量级和可能性。

评估审计风险的方法通常有三种：3.1 指标法指标法是根据历史数据，使用统计学方法来确定预测未来事件的可能性。

它通常将风险因素与特定事件发生的概率联系起来，以确定将需要进行更详细的审计程序的区域。

#### 3.2 经验法经验法根据审计人员的经验来确定预测的未来事件可能性。

这种方法不依赖于任何统计数据，而是基于审计人员对企业的认识和经验来进行评估。

#### 3.3 聚集法聚集法涉及对不同因素进行评估，这可以提高风险评估的确定性和准确性。

在这种方法中，审计人员可以对所有可能影响判断的因素进行评估，包括企业规模、行业类型、管理体系等。

4. 审计风险控制为了减少风险，管理人员可以采取以下措施：4.1 审计策略管理人员应该制定一个明确的审计策略来减少审计风险。

目 录 INTERNAL AUDIT IN BANKS AND THE SUPERVISOR'S RELATIONSHIP WITH AUDITORSINTRODUCTION ...................................................................... 2 内部审计在银行与审计中监督员的关系 ................................................................... 4 BANKING SUPERVISION AUDIT INFORMATION AND NATURE OUTSIDE AUDIT ........................................................................................................................... 5 1 EXTERNAL AUDIT QUALITY AND BANKING SUPERVISION ........................... 5 2 KEY AREAS OF INTEREST TO BANK SUPERVISORS ............................... 7 3 HIGH-QUALITY AUDITS ENHANCE MARKET CONFIDENCE, PARTICULARLY IN TIMES OF SEVERE MARKET

STRESS ............................................................. 9 4 AUDITORS CAN PROVIDE AN EARLY WARNING ON ISSUES OF SUPERVISORY CONCERN ........ 12 银行监管的审计信息和性质的外部审计 ................................................................. 13 1 外部审计的质量和对银行的监管 ................................... 14 2 关键领域感兴趣的银行监管 ....................................... 14 3 高质量的审计增强市场信心，尤其是在严重的情况下市场压力 ......... 16 4 审计可以提供一个早期预警问题的监督关切 .......................... 17 2

文献信息：文献标题：Auditor specialization, accounting information quality and investment efficiency（审计师专业化、会计信息质量和投资效率）国外作者：Assawer Elaoud，Anis Jarboui文献出处：《Research in International Business and Finance》,2017,42: 616-629字数统计：英文2456单词，14366字符；中文4459汉字外文文献：Auditor specialization, accounting information quality andinvestment efficiencyAbstract This study is examined how the auditor specialization moderates the effect of accounting information quality on investment efficiency, i.e., whether the effect of accounting information quality on investment efficiency is increasing or decreasing with the presence of the specialist auditor.The reached result reveals that the accounting information quality appearsto helpdecrease the overinvestment problem. Similarly, the auditor specialization has been discovered to help greatly in improving investment efficiency, while reducing the underinvestment problem. We further find that the accounting information quality and the auditor specialization are two mechanisms with some degree of substitution in enhancing investment efficiency. The accounting information quality is positively associated with investment efficiency for firms whose auditor is an industry specialist.Keywords:Investment efficiency; Underinvestment; Overinvestment; Auditor specialization; Accounting information quality (AIQ)1.IntroductionA large theoretical and empirical literature examines the role of the accountinginformation quality (Bushman et al., 2001; Bushman and Smith, 2001; Bagaeva, 2008; Chan et al., 2009; Chan and Lee, 2009; Zhiying et al., 2012; Ran et al., 2015). One line of research (Biddle and Hilary, 2006; McNichols and Stubben, 2008; Biddle et al., 2009; Chen et al., 2011) suggests that higher quality information enables managers to identify better investment opportunities. Several studies also propose that auditor specialization can be used to reduce the information asymmetry problems (Almutairi et al., 2009; DeBoskey et al., 2012; DeBoskey and Jiang, 2012; Yaghoobnezhada et al., 2014): A specialist’s knowledge of the industry can be developed through vast auditing experience, specialized staff training, and large investments in information technology. This industry-specific knowledge allows specialist auditors to provide higher quality audit service by reducing the information asymmetry through their greater ability to detect significant anomalies.Theoretical models (Balsam et al., 2003; Lai, 2011) predict that, despite the limited evidence, a highly acquired audit quality is extremely useful for improving investment efficiencies, especially with respect to overinvestment. Based on these premises, the main purpose of this paper is to combine these two mechanisms and analyze the effect of the accounting information quality (AIQ) and theauditor specialization on investment efficiency.Chen et al. (2011), who examines the relationship between the information quality and investment, find that financial reporting quality enhances investment in private firms in emerging countries. We also expect to find this association in a sample of industrial firms. In relation to the role of the auditor specialization in investment efficiency, to the best of our knowledge, this is the first study that empirically examines its effect on both underinvestment and overinvestment.As an extension of our research, we examine how the auditor specialization moderates the AIQ effect on investment efficiency, i.e., whether such an AIQ effect on investment efficiency is increasing or decreasing with the presence of a specialist auditor. We could expect both effects:On the one hand, the reduction of the information asymmetry and more reliable accounting numbers, due to higher AIQ, could lead to a more effective monitoringdue to the specialist auditors and, consequently, the AIQ effect on investment efficiency would turn out to be higher for firms with greater AIQ and auditor specialization.On the other hand, firms with higher accounting quality are likely to help the manager reduce the adverse selection and moral hazard and allow managers to better identify investment opportunities (Biddle and Hilary, 2006). So, under this assumption, we would expect that the importance of AIQ in reducing information asymmetries will be higher in firms whose auditor is an industry specialist than that with a company whose auditor is not a specialist.Our results show that the AIQ reduces overinvestment, while the specialist auditor reduces the underinvestment. Moreover, our results also reveal that the AIQ effect on investment efficiency is positive for the firms whose auditor is an industry specialist, highlighting the substitution role of AIQ and auditor specialization in reducing information asymmetries and monitoring manager’s behavior to such a way as expropriation can be greatly restricted.2.Literature review and hypothesis development2.1.Investment efficiency and the accounting information quality (AIQ)Since higher AIQ makes managers more accountable by allowing better monitoring, and it may reduce adverse selection and moral hazard, and thereafter decreases information asymmetries, it could thereby greatly reduce the overinvestment and the underinvestment problems. In addition, the AIQ could improve investment efficiency by enabling managers to make better investment decisions through a better identification of projects and more truthful accounting numbers for internal decision makers (Bushman et al., 2001; Bushman and Smith, 2001; McNichols and Stubben, 2008; Gomariz and Bellesta, 2014). Empirically, prior studies argue and find evidence that earnings management leads to overinvestment because it distorts the information used by managers (McNichols and Stubben, 2008). In turn,Hirshleifer et al. (2004), Biddle et al. (2009) and Chen et al. (2011) examine the effect of information quality on two inefficient scenarios, overinvestment andunderinvestment, and reported that higher information quality helps greatly in encouraging underinvestment companies to make investments, and overinvestment companies to decrease their investment level. Consistent with this view, Gomariz and Bellesta (2014) find that conservatism leads to reducing both overinvestment and underinvestment, because it reduces investment-cash flow sensitivity with regard to overinvestment firms and facilitates access to external financing regarding underinvestment firms.In this respect, we undertake to analyze the AIQ impact on investment efficiency, and our first hypothesis set up as follows:H1. Firms with higher AIQ will show higher investment efficiency.Since we examine whether the AIQ reduces the underinvestment and the overinvestment, we should also test the following two sub-hypotheses: H1a. Firms with higher AIQ will mitigate the overinvestment problem.H1b. Firms with higher AIQ will mitigate the underinvestment problem.2.2.Investment efficiency and auditor specializationThe role of the auditor specialization in reducing managers’ discretion and disciplining their investment decisions has been discussed in the related literature mainly by Gul et al. (2009) and DeBoskey and Jiang (2012). However, this literature has also emphasized the role played by auditors under information asymmetry, highlighting that the use of the auditor specialization is a mechanism whereby we can attenuate informational asymmetries and agency costs between shareholders, creditors and managers. Auditors seem to have difficulty measuring amounts of discretionary part and have been forced to reissue their reports because of regulators findings (Balsam et al., 2003; DeBoskey et al., 2012; DeBoskey and Jiang, 2012). Hence, an empirical question may beposed as to whether the auditor industry specialization is similarly associated with investment efficiency.An examination of the literature suggests that firms with high investment opportunities may need high quality audits because they have a weak internal control system which may not keep up with the growth pace, resulting in higher control and audit risk (Tsui et al., 2001; Cahan et al., 2006; Lai, 2009).Based on this, our second hypothesis and its sub-hypotheses are as follows:H2. The firms that undertake a specialist auditor show greater investment efficiency.H2a. The firms that undertake a specialist auditor can mitigate overinvestment problems.H2b. The firms that undertake a specialist auditor can mitigate underinvestment problems.2.3.The AIQ effect on investment efficiency conditioned to the auditor specializationAside from checking the isolated effect of the accounting information quality and the auditor specialization on investment efficiency (Biddle and Hilary, 2006; Cahan et al., 2006; DeBoskey et al., 2012; DeBoskey and Jiang, 2012; Gomariz and Bellesta, 2014;Lu et al., 2016), we examine their interaction effect, i.e., we investigate whether the effect of the AIQ on investment efficiency is increasing or decreasing with the presence of the auditor industry specialization.In this sense, the AIQ effect on investment decisions could be mitigated by the absence of the specialist auditors because auditor specialization in a given sector have considerable experience and may exercise their oversight role on management in a bid to reduce overinvestment and can also be beneficial for managers to make positive investments in situations of underinvestment.According to this, the auditor specialization stands as a crucial instrument useful for reducing the information asymmetry and the earnings management (DeBoskey et al., 2012; DeBoskey and Jiang, 2012; Mary et al., 2012; Mary and Bing, 2012). Hence, it follows that the AIQ impact on investment efficiency would turn out to be stronger for a company whose auditor is an industry specialist. The specialist auditor can mitigate the adverse selection and moral hazard and can provide guarantees to the information quality.Accordingly, our third hypothesis which is put forward stipulates that the relationship between the AIQ and the investment efficiency depends highly on the presence of the auditor specialization.H3. The relationship between investment efficiency and the AIQ should prove to be stronger for firms whose auditor is an industry specialist.H3a. Firms using a specialist auditor and the AIQ will mitigate overinvestment problems.H3b. Firms using a specialist auditor and the AIQ will mitigate underinvestment problems.3.Research method and sampleThe qualitative method is characterized by its practical inefficiency in the field, since the criteria of loyalty, credibility, validation and transferability can be lost before the professional secrets. This study does not focus on a qualitative method because the study region stimulates it.We have been able to use a quantitative method which refers to work whose data are statistically analyzable. For most researchers, talking about quantitative research means studying large duly selected samples, whereas the qualitative searches covered usually only some cases. In this study, the quantitative technique allows for better testing of theories and assumptions, and allows measuring more rigorously the used variables.Our sample period covers the period 2007–2013, and for further identification of the study selected variables, we need to check the data for the years 2006 and 2005.The sample selection covers only industrial firms, whereas firms related to finance are excluded from the sample. The information is collected from the company’s annual reports, as downloaded from the Tunisia Stock Exchange website, the financial market Council, while some data have been gathered manually.Tunisia is an interesting setting for a number of reasons. Firstly, it represents a less developed capital market than the U.S. and U.K., and secondly the information asymmetry and the auditor monitoring role are higher.These additional requirement factors have ultimately led us to get a sample made up of 231 firm-year observations, pertinent to the investment efficiency model constitution. Table 1 below, depicts the firm's distribution according to selectedsample.Table 1. Analysis of the sample according to the investment efficienc Panel: analysis by year underinvestment Percentage overinvestment Percentage 2013 25 17.12% 8 9.41%2012 23 15.75% 10 11.76%2011 24 16.43% 9 10.58%2010 20 13.69% 13 15.29%2009 14 9.58% 19 22.35%2008 20 13.69% 13 15.29%2007 20 13.69% 13 15.29%Total 146 100% 85 100% The results, figuring on Table 1 present only 85 observations belonging to the overinvestment group, while most of sample observations relate to the underinvestment group.Aside from that, this table indicates that the majority of sample observations pertain to the underinvestment for all years, except for the year 2009, in which the sample-depicted underinvestment appears to have a percentage of 9.58% while the overinvestment proportion turns out to be of 22.35%.4.ConclusionsSeveral previously elaborated studies have revealed that the accounting information quality can greatly help in improving investment efficiency by reducing information asymmetries that give rise to frictions such as moral hazard and adverse selection. This work is designed as an extension to those researches by attempting to document the panel through which accounting information quality can relate to the investment efficiency. More specifically, the special attempt has been made to test the hypothesis that a higher accounting information quality can be associated with either mitigating the overinvestment or the underinvestment problems. For a more reliably effective estimation of accounting information quality, an appeal has been made to the measure proposed by Stubben (2010), considering that discretionary revenues stand as a proxy for earnings management.In this respect, prior conducted studies dealing with such a subject have also put a great emphasis on the role played by auditors in information asymmetry, highlighting that the use of the auditor specialization may stand as a mechanism that can attenuate informational asymmetries and agency cost. Indeed, the use of a specialized service auditor can provide assurance on the information quality. In this particular context, the authors find that firms audited by a qualified auditor turn out to be likely to communicate forecast information on future cash flows more credibly than those audited by a non-specialist auditor.The beneficial effects of auditor industry specialization are most marked in the industrial firms. Hence, our second hypothesis focuses on the auditor industry specialization impact on the investment efficiency.Further, an examination of whether the auditor specialization does have influences on the investment efficiency. In addition to checking the isolated effect of the accounting information quality and the auditor specialization on investment efficiency, we examine whether the AIQ effect helps either increase or decrease the investment efficiency for firms whose auditor is an industry specialist. In our paper, the AIQ and the auditor specialization effect on investment efficiency has been analyzed through a representative sample derived from a Tunisian context, in which AIQ is expected to be higher, over the period 2007–2013. According to somepreviously conducted studies (Biddle et al., 2009; Chen et al., 2011; Gomariz and Bellesta, 2014) has been discovered, that in the U.S. and emerging markets, the financial reporting quality can greatly help in solving underinvestment problems. In Tunisia, the auditor specialization proves to constitute the major mechanism implemented to control underinvestment, and AIQ is relevant only when the audit quality level is high.As indicated by our attained results, a higher AIQ and a higher use of auditor specialization appear to contribute in increasing investment efficiency.However, if we distinguish between overinvestment and underinvestment, it can be noted that the AIQ plays an important role in reducing overinvestment. Similarly, the specialist auditors’ presence is a mechanism that contributes positively toimproving the investment efficiency in underinvestment scenarios.In addition, we find that the accounting information quality and the auditor specialization have a substitution relationship in improvement of investment efficiency: The relationship between investment efficiency and AIQ is stronger for firms whose auditor is an industry specialist.Our achieved results are exclusively limited to findings from our sample, which includes only industrial companies in Tunisia, for this reason our sample of 33 firms could be considered too small. Despite such limits, the study results may be potentially useful for shareholders, investors, managers and policy makers to help in further enhancing firms' investment efficiency.As a future research perspective, one could consider other investment affecting factors, and extend the result findings to companies belonging to other countries.中文译文：审计师专业化、会计信息质量和投资效率摘要本研究探讨了审计师专业化如何调节会计信息质量对投资效率的影响，即会计信息质量对投资效率的影响是否随着审计师专业化的存在而增加或减少。

电子商务对审计过程的影响：调查导致变化的因素 作者：Amr Kotb and Clare Roberts International Journal of Auditing Int. J. Audit. 15: 150–175 (2011) 本问旨在通过以下探索进一步了解电子商务对财务审计实践的影响：导致采用新的或不同的审计实践的压力；影响传统审计实务和技术恰当性的电子商务的具体特点；以及技术审计工作随着电子商务模式越来越多地被采纳正在发生着怎样的变化。通过使用半结构化面试和邮寄问卷调查，来寻求财务审计人员和信息技术审计从业人员的看法。调查结果确定了正如这些人员所认为的影响和导致电子商务环境下审计变化的因素和压力。总体而言，电子商务审计变化最为突出的方面被认为是广泛使用IT实践和技术，这种变化不仅仅归因于技术因素，但他们也认为竞争和职业因素是审计变化的重要驱动因素。 关键词：电子商务 电子商务审计 IT审计 审计实践 审计变化 总论 电子商务的出现已经从根本上改变了不只是组织开展他们日常业务的方式，而且还改变了工作性质、业务关系性质、以及企业如何调整自身结构。这些变化进而导致电子商务实体的风险分布和相关缓和过程的显著变化。虽然电子商务实体的基本原则和基于审计的必要程序于适用于非电子商务的审计的基本原则和必要程序没什么不同，但电子商务对技术审计工作有显著影响。在一个电子商务实体中，经济交易在实时基础上被捕获、测量和报告，并没有内部人员的干预和文件记录。因此这些系统产生的信息需要进行实时审计。因此，可以说传统审计实践和技术已经变得不那么“理想化”，产生了对信息驱动审计技术越来越多的需求。 尽管有相当多的文献有关于电子商务对财务审计实践的潜在影响，但有关于审计人员的实际实践和审计变化的驱动因素的信息仍相对稀缺。本文试图通过探索导致采用新的或不同的审计实践的压力、响传统审计实务和技术恰当性的电子商务的具体特点以及技术审计工作随着电子商务模式越来越多地被采纳正在发生着怎样的变化来填补这一空白。完成这项调查通过了两个阶段的研究：12个半结构访谈和一个问卷调查，其中包括一个苏格兰特许会计师协会和英格兰、威尔士特许会计师协会合格的财务审计人员参与的样本和一个信息系统于控制协会合格的IT审计人员参与的样本。结果发现，在一般情况下，受访者，无论是财务审计人员还是IT审计人员均相信电子商务已经使得现有的财务审计实践和技术产生问题，并将审计功能带入新的方向。特别的，影响审计人员技术工作的最明显的电子商务特点被认为是：依赖于IT控制、不确定性、使用实时信息系统和安全性。此外，参与者报告说他们认为内部控制、审计风险和传统的纸质审计证据将在电子商务环境下显著改变。他们还表示他们越来越多的使用以IT为基础的审计实践。然而这下变化不能完全归咎于技术因素，相反，竞争和职业因素也被认为是电子商务环境下审计变化的重要驱动力。虽然需要做更多的研究来确认这些结果，但这可能对审计从业人员和关心技术审计工作和审计专业的专业现状的会计师事务所有用，也可能有助于大学的教育者更新审计课程。最后，该结果也可能对监管者在讨论电子商务对审计实践和审计职业的潜在影响时有所帮助。 Introduction 最近几年见证了一场信息与通讯技术和电子商务日益增长的经济意义的革命。在没有地理和物理限制的障碍下，瞬间创造、加工、分享和使用信息的潜能是巨大的且继续呈指数增长。例如，在英国，企业网站已经成为利益相关者交流的重要手段，在2007年，70%的企业拥有自己的网站（国家办事处2008年统计）。而通过互联网销售的非金融企业成倍增加，在2002-2007年间，从7%增加至15%。更重要的是，到2007年，所有英国企业的19.3%使用自动数据交换，17.8%使用自动集成的订单接收系统和会计系统。基于Web集成网络的企业的出现已经从根本上改变了不只是组织开展他们日常业务的方式，而且还改变了工作性质、业务关系性质、以及企业如何调整自身结构。电子商务审计可能会与传统审计显著不同因为电子商务对以下方面有显著影响：会计和内部控制系统（包括对自动化处理和来源于第三方信息的依赖）；交易流程的数量、速度和性质；一个实体必须遵守的税务、法律和监管的要求（包括外国司法管辖区内的实体，无论该实体是有意还是无意采纳电子商务）；会计政策（包括那些关于电子商务相关的收入和成本识别与某些类型的资本支出）；持续关注的考虑。电子商务也依赖于在他们直接控制之外的复杂IT基础设施的存在。更具体地，电子商务依赖于互联网（一个没有内置安全的公共网络）的使用。同样，如果一个电子商务外包部分或全部的电子商务管理（如网络托管、客户管理、安全或电子邮件支持），那么它对如数据处理、传输和保留的信息管理过程没有直接影响。电子商务技术为中心的本质不仅改变了现有风险的性质和严重程度，但他也带来了一些新风险，这些风险影响实体风险预测，进而也影响导致虚假陈述和材料的电子信息的完整性和可靠性。这些风险包括：未经授权的访问数据；保密损失；认证和拒绝；企业实体、其合作伙伴和外包的信息系统的失败；审计线索的丧失；法律无效。传统的控制机制可能不再是足够的，新的控制和安全措施，如防火墙、灾难恢复计划、加密、入侵检测系统、数字签名和证书、动态口令和智能卡可能是所需。 虽然电子商务实体的基本原则和基于审计的必要程序与应用于非电子商务的审计的基本原则和必要程序没什么不同，但电子商务将显著影响审计实务的数量， 值得怀疑的是，财务审计可以成功执行，而不采用新的IT驱动审计技术与工具。在一个电子商务实体中，经济交易在实时基础上被捕获、测量和报告，并没有内部人员的干预和文件记录。进而这些系统产生的信息需要进行实时审计。有相当多的文献有关于电子商务对财务审计实践和在一些国家日益增加的专业指导数量的潜在影响。相比之下，审计人员的实际实践和审计变化的驱动因素的信息仍相对稀缺。本文试图通过报道英国审计人员和IT专家的的态度和实践来填补这一空白。具体而言，本文探讨电子商务审计的一些方面，包括导致采用新的或不同的审计实践的压力；电子商务环境影响变更实践采纳的具体特点；随着越来越多的采用电子商务模式，审计风险、审计控制、测试程序和报告如何变化。

（（英文参考文献及译文）二〇一六年六月本科毕业论文 题 目：STATISTICAL SAMPLING METHOD, USED INTHE AUDIT学生姓名：王雪琴学 院：管理学院系 别：会计系专 业：财务管理班 级：财管12-2班 学校代码： 10128 学 号： 201210707016Statistics and AuditRomanian Statistical Review nr. 5 / 2010STATISTICAL SAMPLING METHOD, USED IN THE AUDIT - views, recommendations, fi ndingsPhD Candidate Gabriela-Felicia UNGUREANUAbstractThe rapid increase in the size of U.S. companies from the earlytwentieth century created the need for audit procedures based on the selectionof a part of the total population audited to obtain reliable audit evidence, tocharacterize the entire population consists of account balances or classes oftransactions. Sampling is not used only in audit – is used in sampling surveys,market analysis and medical research in which someone wants to reach aconclusion about a large number of data by examining only a part of thesedata. The difference is the “population” from which the sample is selected, iethat set of data which is intended to draw a conclusion. Audit sampling appliesonly to certain types of audit procedures.Key words: sampling, sample risk, population, sampling unit, tests ofcontrols, substantive procedures.Statistical samplingCommittee statistical sampling of American Institute of CertifiedPublic Accountants of (AICPA) issued in 1962 a special report, titled“Statistical sampling and independent auditors’ which allowed the use ofstatistical sampling method, in accordance with Generally Accepted AuditingStandards (GAAS). During 1962-1974, the AICPA published a series of paperson statistical sampling, “Auditor’s Approach to Statistical Sampling”, foruse in continuing professional education of accountants. During 1962-1974,the AICPA published a series of papers on statistical sampling, “Auditor’sApproach to Statistical Sampling”, for use in continuing professional educationof accountants. In 1981, AICPA issued the professional standard, “AuditSampling”, which provides general guidelines for both sampling methods,statistical and non-statistical.Earlier audits included checks of all transactions in the period coveredby the audited financial statements. At that time, the literature has not givenparticular attention to this subject. Only in 1971, an audit procedures programprinted in the “Federal Reserve Bulletin (Federal Bulletin Stocks)” includedseveral references to sampling such as selecting the “few items” of inventory.Statistics and Audit The program was developed by a special committee, which later became the AICPA, that of Certified Public Accountants American Institute.In the first decades of last century, the auditors often applied sampling, but sample size was not in related to the efficiency of internal control of the entity. In 1955, American Institute of Accountants has published a study case of extending the audit sampling, summarizing audit program developed by certified public accountants, to show why sampling is necessary to extend the audit. The study was important because is one of the leading journal on sampling which recognize a relationship of dependency between detail and reliability testing of internal control.In 1964, the AICPA’s Auditing Standards Board has issued a report entitled “The relationship between statistical sampling and Generally Accepted Auditing Standards (GAAS)” which illustrated the relationship between the accuracy and reliability in sampling and provisions of GAAS.In 1978, the AICPA published the work of Donald M. Roberts,“Statistical Auditing”which explains the underlying theory of statistical sampling in auditing.In 1981, AICPA issued the professional standard, named “Audit Sampling”, which provides guidelines for both sampling methods, statistical and non-statistical.An auditor does not rely solely on the results of a single procedure to reach a conclusion on an account balance, class of transactions or operational effectiveness of the controls. Rather, the audit findings are based on combined evidence from several sources, as a consequence of a number of different audit procedures. When an auditor selects a sample of a population, his objective is to obtain a representative sample, ie sample whose characteristics are identical with the population’s characteristics. This means that selected items are identical with those remaining outside the sample.In practice, auditors do not know for sure if a sample is representative, even after completion the test, but they “may increase the probability that a sample is representative by accuracy of activities made related to design, sample selection and evaluation” [1]. Lack of specificity of the sample results may be given by observation errors and sampling errors. Risks to produce these errors can be controlled.Observation error (risk of observation) appears when the audit test did not identify existing deviations in the sample or using an inadequate audit technique or by negligence of the auditor.Sampling error (sampling risk) is an inherent characteristic of the survey, which results from the fact that they tested only a fraction of the total population. Sampling error occurs due to the fact that it is possible for Revista Română de Statistică nr. 5 / 2010Statistics and Auditthe auditor to reach a conclusion, based on a sample that is different from the conclusion which would be reached if the entire population would have been subject to audit procedures identical. Sampling risk can be reduced by adjusting the sample size, depending on the size and population characteristics and using an appropriate method of selection. Increasing sample size will reduce the risk of sampling; a sample of the all population will present a null risk of sampling.Audit Sampling is a method of testing for gather sufficient and appropriate audit evidence, for the purposes of audit. The auditor may decide to apply audit sampling on an account balance or class of transactions. Sampling audit includes audit procedures to less than 100% of the items within an account balance or class of transactions, so all the sample able to be selected. Auditor is required to determine appropriate ways of selecting items for testing. Audit sampling can be used as a statistical approach and a non- statistical.Statistical sampling is a method by which the sample is made so that each unit consists of the total population has an equal probability of being included in the sample, method of sample selection is random, allowed to assess the results based on probability theory and risk quantification of sampling. Choosing the appropriate population make that auditor’ findings can be extended to the entire population.Non-statistical sampling is a method of sampling, when the auditor uses professional judgment to select elements of a sample. Since the purpose of sampling is to draw conclusions about the entire population, the auditor should select a representative sample by choosing sample units which have characteristics typical of that population. Results will not extrapolate the entire population as the sample selected is representative.Audit tests can be applied on the all elements of the population, where is a small population or on an unrepresentative sample, where the auditor knows the particularities of the population to be tested and is able to identify a small number of items of interest to audit. If the sample has not similar characteristics for the elements of the entire population, the errors found in the tested sample can not extrapolate.Decision of statistical or non-statistical approach depends on the auditor’s professional judgment which seeking sufficient appropriate audits evidence on which to completion its findings about the audit opinion.As a statistical sampling method refer to the random selection that any possible combination of elements of the community is equally likely to enter the sample. Simple random sampling is used when stratification was not to audit. Using random selection involves using random numbers generated byRomanian Statistical Review nr. 5 / 2010Statistics and Audit a computer. After selecting a random starting point, the auditor found the first random number that falls within the test document numbers. Only when the approach has the characteristics of statistical sampling, statistical assessments of risk are valid sampling.In another variant of the sampling probability, namely the systematic selection (also called random mechanical) elements naturally succeed in office space or time; the auditor has a preliminary listing of the population and made the decision on sample size. “The auditor calculated a counting step, and selects the sample element method based on step size. Step counting is determined by dividing the volume of the community to sample the number of units desired. Advantages of systematic screening are its usability. In most cases, a systematic sample can be extracted quickly and method automatically arranges numbers in successive series.”[2].Selection by probability proportional to size - is a method which emphasizes those population units’recorded higher values. The sample is constituted so that the probability of selecting any given element of the population is equal to the recorded value of the item;Stratifi ed selection - is a method of emphasis of units with higher values and is registered in the stratification of the population in subpopulations. Stratification provides a complete picture of the auditor, when population (data table to be analyzed) is not homogeneous. In this case, the auditor stratifies a population by dividing them into distinct subpopulations, which have common characteristics, pre-defined. “The objective of stratification is to reduce the variability of elements in each layer and therefore allow a reduction in sample size without a proportionate increase in the risk of sampling.” [3] If population stratification is done properly, the amount of sample size to come layers will be less than the sample size that would be obtained at the same level of risk given sample with a sample extracted from the entire population. Audit results applied to a layer can be designed only on items that are part of that layer.I appreciated as useful some views on non-statistical sampling methods, which implies that guided the selection of the sample selecting each element according to certain criteria determined by the auditor. The method is subjective; because the auditor selects intentionally items containing set features him.The selection of the series is done by selecting multiple elements series (successive). Using sampling the series is recommended only if a reasonable number of sets used. Using just a few series there is a risk that the sample is not representative. This type of sampling can be used in addition to other samples, where there is a high probability of occurrence of errors. At the arbitrary selection, no items are selected preferably from the auditor, Revista Română de Statistică nr. 5 / 2010Statistics and Auditthat regardless of size or source or characteristics. Is not the recommended method, because is not objective.That sampling is based on the auditor’s professional judgment, which may decide which items can be part or not sampled. Because is not a statistical method, it can not calculate the standard error. Although the sample structure can be constructed to reproduce the population, there is no guarantee that the sample is representative. If omitted a feature that would be relevant in a particular situation, the sample is not representative.Sampling applies when the auditor plans to make conclusions about population, based on a selection. The auditor considers the audit program and determines audit procedures which may apply random research. Sampling is used by auditors an internal control systems testing, and substantive testing of operations. The general objectives of tests of control system and operations substantive tests are to verify the application of pre-defined control procedures, and to determine whether operations contain material errors.Control tests are intended to provide evidence of operational efficiency and controls design or operation of a control system to prevent or detect material misstatements in financial statements. Control tests are necessary if the auditor plans to assess control risk for assertions of management.Controls are generally expected to be similarly applied to all transactions covered by the records, regardless of transaction value. Therefore, if the auditor uses sampling, it is not advisable to select only high value transactions. Samples must be chosen so as to be representative population sample.An auditor must be aware that an entity may change a special control during the course of the audit. If the control is replaced by another, which is designed to achieve the same specific objective, the auditor must decide whether to design a sample of all transactions made during or just a sample of transactions controlled again. Appropriate decision depends on the overall objective of the audit test.Verification of internal control system of an entity is intended to provide guidance on the identification of relevant controls and design evaluation tests of controls.Other tests:In testing internal control system and testing operations, audit sample is used to estimate the proportion of elements of a population containing a characteristic or attribute analysis. This proportion is called the frequency of occurrence or percentage of deviation and is equal to the ratio of elements containing attribute specific and total number of population elements. WeightRomanian Statistical Review nr. 5 / 2010Statistics and Audit deviations in a sample are determined to calculate an estimate of the proportion of the total population deviations.Risk associated with sampling - refers to a sample selection which can not be representative of the population tested. In other words, the sample itself may contain material errors or deviations from the line. However, issuing a conclusion based on a sample may be different from the conclusion which would be reached if the entire population would be subject to audit.Types of risk associated with sampling:Controls are more effective than they actually are or that there are not significant errors when they exist - which means an inappropriate audit opinion. Controls are less effective than they actually are that there are significant errors when in fact they are not - this calls for additional activities to establish that initial conclusions were incorrect.Attributes testing - the auditor should be defining the characteristics to test and conditions for misconduct. Attributes testing will make when required objective statistical projections on various characteristics of the population. The auditor may decide to select items from a population based on its knowledge about the entity and its environment control based on risk analysis and the specific characteristics of the population to be tested.Population is the mass of data on which the auditor wishes to generalize the findings obtained on a sample. Population will be defined compliance audit objectives and will be complete and consistent, because results of the sample can be designed only for the population from which the sample was selected.Sampling unit - a unit of sampling may be, for example, an invoice, an entry or a line item. Each sample unit is an element of the population. The auditor will define the sampling unit based on its compliance with the objectives of audit tests.Sample size - to determine the sample size should be considered whether sampling risk is reduced to an acceptable minimum level. Sample size is affected by the risk associated with sampling that the auditor is willing to accept it. The risk that the auditor is willing to accept lower, the sample will be higher.Error - for detailed testing, the auditor should project monetary errors found in the sample population and should take into account the projected error on the specific objective of the audit and other audit areas. The auditor projects the total error on the population to get a broad perspective on the size of the error and comparing it with tolerable error.For detailed testing, tolerable error is tolerable and misrepresentations Revista Română de Statistică nr. 5 / 2010Statistics and Auditwill be a value less than or equal to materiality used by the auditor for the individual classes of transactions or balances audited. If a class of transactions or account balances has been divided into layers error is designed separately for each layer. Design errors and inconsistent errors for each stratum are then combined when considering the possible effect on the total classes of transactions and account balances.Evaluation of sample results - the auditor should evaluate the sample results to determine whether assessing relevant characteristics of the population is confirmed or needs to be revised.When testing controls, an unexpectedly high rate of sample error may lead to an increase in the risk assessment of significant misrepresentation unless it obtained additional audit evidence to support the initial assessment. For control tests, an error is a deviation from the performance of control procedures prescribed. The auditor should obtain evidence about the nature and extent of any significant changes in internal control system, including the staff establishment.If significant changes occur, the auditor should review the understanding of internal control environment and consider testing the controls changed. Alternatively, the auditor may consider performing substantive analytical procedures or tests of details covering the audit period.In some cases, the auditor might not need to wait until the end audit to form a conclusion about the effectiveness of operational control, to support the control risk assessment. In this case, the auditor might decide to modify the planned substantive tests accordingly.If testing details, an unexpectedly large amount of error in a sample may cause the auditor to believe that a class of transactions or account balances is given significantly wrong in the absence of additional audit evidence to show that there are not material misrepresentations.When the best estimate of error is very close to the tolerable error, the auditor recognizes the risk that another sample have different best estimate that could exceed the tolerable error.ConclusionsFollowing analysis of sampling methods conclude that all methods have advantages and disadvantages. But the auditor is important in choosing the sampling method is based on professional judgment and take into account the cost / benefit ratio. Thus, if a sampling method proves to be costly auditor should seek the most efficient method in view of the main and specific objectives of the audit.Romanian Statistical Review nr. 5 / 2010Statistics and Audit The auditor should evaluate the sample results to determine whether the preliminary assessment of relevant characteristics of the population must be confirmed or revised. If the evaluation sample results indicate that the relevant characteristics of the population needs assessment review, the auditor may: require management to investigate identified errors and likelihood of future errors and make necessary adjustments to change the nature, timing and extent of further procedures to take into account the effect on the audit report.Selective bibliography:[1] Law no. 672/2002 updated, on public internal audit[2] Arens, A şi Loebbecke J - Controve …Audit– An integrate approach”, 8th edition, Arc Publishing House[3] ISA 530 - Financial Audit 2008 - International Standards on Auditing, IRECSON Publishing House, 2009- Dictionary of macroeconomics, Ed C.H. Beck, Bucharest, 2008Revista Română de Statistică nr. 5 / 2010Statistics and Audit摘要美国公司的规模迅速增加，从第二十世纪初创造了必要的审计程序，根据选定的部分总人口的审计，以获得可靠的审计证据，以描述整个人口组成的帐户余额或类别的交易。

毕业设计（论文）外文文献原文及译文Chapter 11. Cipher Techniques11.1 ProblemsThe use of a cipher without consideration of the environment in which it is to be used may not provide the security that the user expects. Three examples will make this point clear.11.1.1 Precomputing the Possible MessagesSimmons discusses the use of a "forward search" to decipher messages enciphered for confidentiality using a public key cryptosystem [923]. His approach is to focus on the entropy (uncertainty) in the message. To use an example from Section 10.1(page 246), Cathy knows that Alice will send one of two messages—BUY or SELL—to Bob. The uncertainty is which one Alice will send. So Cathy enciphers both messages with Bob's public key. When Alice sends the message, Bob intercepts it and compares the ciphertext with the two he computed. From this, he knows which message Alice sent.Simmons' point is that if the plaintext corresponding to intercepted ciphertext is drawn from a (relatively) small set of possible plaintexts, the cryptanalyst can encipher the set of possible plaintexts and simply search that set for the intercepted ciphertext. Simmons demonstrates that the size of the set of possible plaintexts may not be obvious. As an example, he uses digitized sound. The initial calculations suggest that the number of possible plaintexts for each block is 232. Using forward search on such a set is clearly impractical, but after some analysis of the redundancy in human speech, Simmons reduces the number of potential plaintexts to about 100,000. This number is small enough so that forward searches become a threat.This attack is similar to attacks to derive the cryptographic key of symmetric ciphers based on chosen plaintext (see, for example, Hellman's time-memory tradeoff attack [465]). However, Simmons' attack is for public key cryptosystems and does not reveal the private key. It only reveals the plaintext message.11.1.2 Misordered BlocksDenning [269] points out that in certain cases, parts of a ciphertext message can be deleted, replayed, or reordered.11.1.3 Statistical RegularitiesThe independence of parts of ciphertext can give information relating to the structure of the enciphered message, even if the message itself is unintelligible. The regularity arises because each part is enciphered separately, so the same plaintext always produces the same ciphertext. This type of encipherment is called code book mode, because each part is effectively looked up in a list of plaintext-ciphertext pairs.11.1.4 SummaryDespite the use of sophisticated cryptosystems and random keys, cipher systems may provide inadequate security if not used carefully. The protocols directing how these cipher systems are used, and the ancillary information that the protocols add to messages and sessions, overcome these problems. This emphasizes that ciphers and codes are not enough. The methods, or protocols, for their use also affect the security of systems.11.2 Stream and Block CiphersSome ciphers divide a message into a sequence of parts, or blocks, and encipher each block with the same key.Definition 11–1. Let E be an encipherment algorithm, and let Ek(b) bethe encipherment of message b with key k. Let a message m = b1b2…, whereeach biis of a fixed length. Then a block cipher is a cipher for whichE k (m) = Ek(b1)Ek(b2) ….Other ciphers use a nonrepeating stream of key elements to encipher characters of a message.Definition 11–2. Let E be an encipherment algorithm, and let Ek(b) bethe encipherment of message b with key k. Let a message m = b1b2…, whereeach bi is of a fixed length, and let k = k1k2…. Then a stream cipheris a cipher for which Ek (m) = Ek1(b1)Ek2(b2) ….If the key stream k of a stream cipher repeats itself, it is a periodic cipher.11.2.1 Stream CiphersThe one-time pad is a cipher that can be proven secure (see Section 9.2.2.2, "One-Time Pad"). Bit-oriented ciphers implement the one-time pad by exclusive-oring each bit of the key with one bit of the message. For example, if the message is 00101 and the key is 10010, the ciphertext is01||00||10||01||10 or 10111. But how can one generate a random, infinitely long key?11.2.1.1 Synchronous Stream CiphersTo simulate a random, infinitely long key, synchronous stream ciphers generate bits from a source other than the message itself. The simplest such cipher extracts bits from a register to use as the key. The contents of the register change on the basis of the current contents of the register.Definition 11–3. An n-stage linear feedback shift register (LFSR)consists of an n-bit register r = r0…rn–1and an n-bit tap sequence t =t 0…tn–1. To obtain a key bit, ris used, the register is shifted one bitto the right, and the new bit r0t0⊕…⊕r n–1t n–1 is inserted.The LFSR method is an attempt to simulate a one-time pad by generating a long key sequence from a little information. As with any such attempt, if the key is shorter than the message, breaking part of the ciphertext gives the cryptanalyst information about other parts of the ciphertext. For an LFSR, a known plaintext attack can reveal parts of the key sequence. If the known plaintext is of length 2n, the tap sequence for an n-stage LFSR can be determined completely.Nonlinear feedback shift registers do not use tap sequences; instead, the new bit is any function of the current register bits.Definition 11–4. An n-stage nonlinear feedback shift register (NLFSR)consists of an n-bit register r = r0…rn–1. Whenever a key bit is required,ris used, the register is shifted one bit to the right, and the new bitis set to f(r0…rn–1), where f is any function of n inputs.NLFSRs are not common because there is no body of theory about how to build NLFSRs with long periods. By contrast, it is known how to design n-stage LFSRs with a period of 2n– 1, and that period is maximal.A second technique for eliminating linearity is called output feedback mode. Let E be an encipherment function. Define k as a cryptographic key,(r) and define r as a register. To obtain a bit for the key, compute Ekand put that value into the register. The rightmost bit of the result is exclusive-or'ed with one bit of the message. The process is repeated until the message is enciphered. The key k and the initial value in r are the keys for this method. This method differs from the NLFSR in that the register is never shifted. It is repeatedly enciphered.A variant of output feedback mode is called the counter method. Instead of using a register r, simply use a counter that is incremented for every encipherment. The initial value of the counter replaces r as part of the key. This method enables one to generate the ith bit of the key without generating the bits 0…i – 1. If the initial counter value is i, set. In output feedback mode, one must generate all the register to i + ithe preceding key bits.11.2.1.2 Self-Synchronous Stream CiphersSelf-synchronous ciphers obtain the key from the message itself. The simplest self-synchronous cipher is called an autokey cipher and uses the message itself for the key.The problem with this cipher is the selection of the key. Unlike a one-time pad, any statistical regularities in the plaintext show up in the key. For example, the last two letters of the ciphertext associated with the plaintext word THE are always AL, because H is enciphered with the key letter T and E is enciphered with the key letter H. Furthermore, if theanalyst can guess any letter of the plaintext, she can determine all successive plaintext letters.An alternative is to use the ciphertext as the key stream. A good cipher will produce pseudorandom ciphertext, which approximates a randomone-time pad better than a message with nonrandom characteristics (such as a meaningful English sentence).This type of autokey cipher is weak, because plaintext can be deduced from the ciphertext. For example, consider the first two characters of the ciphertext, QX. The X is the ciphertext resulting from enciphering some letter with the key Q. Deciphering, the unknown letter is H. Continuing in this fashion, the analyst can reconstruct all of the plaintext except for the first letter.A variant of the autokey method, cipher feedback mode, uses a shift register. Let E be an encipherment function. Define k as a cryptographic(r). The key and r as a register. To obtain a bit for the key, compute Ek rightmost bit of the result is exclusive-or'ed with one bit of the message, and the other bits of the result are discarded. The resulting ciphertext is fed back into the leftmost bit of the register, which is right shifted one bit. (See Figure 11-1.)Figure 11-1. Diagram of cipher feedback mode. The register r is enciphered with key k and algorithm E. The rightmost bit of the result is exclusive-or'ed with one bit of the plaintext m i to produce the ciphertext bit c i. The register r is right shifted one bit, and c i is fed back into the leftmost bit of r.Cipher feedback mode has a self-healing property. If a bit is corrupted in transmission of the ciphertext, the next n bits will be deciphered incorrectly. But after n uncorrupted bits have been received, the shift register will be reinitialized to the value used for encipherment and the ciphertext will decipher properly from that point on.As in the counter method, one can decipher parts of messages enciphered in cipher feedback mode without deciphering the entire message. Let the shift register contain n bits. The analyst obtains the previous n bits of ciphertext. This is the value in the shift register before the bit under consideration was enciphered. The decipherment can then continue from that bit on.11.2.2 Block CiphersBlock ciphers encipher and decipher multiple bits at once, rather than one bit at a time. For this reason, software implementations of block ciphers run faster than software implementations of stream ciphers. Errors in transmitting one block generally do not affect other blocks, but as each block is enciphered independently, using the same key, identical plaintext blocks produce identical ciphertext blocks. This allows the analyst to search for data by determining what the encipherment of a specific plaintext block is. For example, if the word INCOME is enciphered as one block, all occurrences of the word produce the same ciphertext.To prevent this type of attack, some information related to the block's position is inserted into the plaintext block before it is enciphered. The information can be bits from the preceding ciphertext block [343] or a sequence number [561]. The disadvantage is that the effective block size is reduced, because fewer message bits are present in a block.Cipher block chaining does not require the extra information to occupy bit spaces, so every bit in the block is part of the message. Before a plaintext block is enciphered, that block is exclusive-or'ed with the preceding ciphertext block. In addition to the key, this technique requires an initialization vector with which to exclusive-or the initial plaintext block. Taking Ekto be the encipherment algorithm with key k, and I to be the initialization vector, the cipher block chaining technique isc 0 = Ek(m⊕I)c i = Ek(mi⊕ci–1) for i > 011.2.2.1 Multiple EncryptionOther approaches involve multiple encryption. Using two keys k and k' toencipher a message as c = Ek' (Ek(m)) looks attractive because it has aneffective key length of 2n, whereas the keys to E are of length n. However, Merkle and Hellman [700] have shown that this encryption technique can be broken using 2n+1encryptions, rather than the expected 22n(see Exercise 3).Using three encipherments improves the strength of the cipher. There are several ways to do this. Tuchman [1006] suggested using two keys k and k':c = Ek (Dk'(Ek(m)))This mode, called Encrypt-Decrypt-Encrypt (EDE) mode, collapses to a single encipherment when k = k'. The DES in EDE mode is widely used in the financial community and is a standard (ANSI X9.17 and ISO 8732). It is not vulnerable to the attack outlined earlier. However, it is vulnerable to a chosen plaintext and a known plaintext attack. If b is the block size in bits, and n is the key length, the chosen plaintext attacktakes O(2n) time, O(2n) space, and requires 2n chosen plaintexts. The known plaintext attack requires p known plaintexts, and takes O(2n+b/p) time and O(p) memory.A second version of triple encipherment is the triple encryption mode [700]. In this mode, three keys are used in a chain of encipherments.c = Ek (Ek'(Ek''(m)))The best attack against this scheme is similar to the attack on double encipherment, but requires O(22n) time and O(2n) memory. If the key length is 56 bits, this attack is computationally infeasible.11.3 Networks and CryptographyBefore we discuss Internet protocols, a review of the relevant properties of networks is in order. The ISO/OSI model [990] provides an abstract representation of networks suitable for our purposes. Recall that the ISO/OSI model is composed of a series of layers (see Figure 11-2). Each host, conceptually, has a principal at each layer that communicates with a peer on other hosts. These principals communicate with principals at the same layer on other hosts. Layer 1, 2, and 3 principals interact only with similar principals at neighboring (directly connected) hosts. Principals at layers 4, 5, 6, and 7 interact only with similar principals at the other end of the communication. (For convenience, "host" refers to the appropriate principal in the following discussion.)Figure 11-2. The ISO/OSI model. The dashed arrows indicate peer-to-peer communication. For example, the transport layers are communicating with each other. The solid arrows indicate the actual flow of bits. For example, the transport layer invokes network layer routines on the local host, which invoke data link layer routines, which put the bits onto the network. The physical layer passes the bits to the next "hop," or host, on the path. When the message reaches the destination, it is passed up to the appropriatelevel.Each host in the network is connected to some set of other hosts. They exchange messages with those hosts. If host nob wants to send a message to host windsor, nob determines which of its immediate neighbors is closest to windsor (using an appropriate routing protocol) and forwards the message to it. That host, baton, determines which of its neighbors is closest to windsor and forwards the message to it. This process continues until a host, sunapee, receives the message and determines that windsor is an immediate neighbor. The message is forwarded to windsor, its endpoint.Definition 11–5. Let hosts C0, …, Cnbe such that Ciand Ci+1are directlyconnected, for 0 i < n. A communications protocol that has C0 and Cnasits endpoints is called an end-to-end protocol. A communications protocolthat has Cj and Cj+1as its endpoints is called a link protocol.The difference between an end-to-end protocol and a link protocol is that the intermediate hosts play no part in an end-to-end protocol other than forwarding messages. On the other hand, a link protocol describes how each pair of intermediate hosts processes each message.The protocols involved can be cryptographic protocols. If the cryptographic processing is done only at the source and at the destination, the protocol is an end-to-end protocol. If cryptographic processing occurs at each host along the path from source to destination, the protocolis a link protocol. When encryption is used with either protocol, we use the terms end-to-end encryption and link encryption, respectively.In link encryption, each host shares a cryptographic key with its neighbor. (If public key cryptography is used, each host has its neighbor's public key. Link encryption based on public keys is rare.) The keys may be set on a per-host basis or a per-host-pair basis. Consider a network with four hosts called windsor, stripe, facer, and seaview. Each host is directly connected to the other three. With keys distributed on a per-host basis, each host has its own key, making four keys in all. Each host has the keys for the other three neighbors, as well as its own. All hosts use the same key to communicate with windsor. With keys distributed on a per-host-pair basis, each host has one key per possible connection, making six keys in all. Unlike the per-host situation, in the per-host-pair case, each host uses a different key to communicate with windsor. The message is deciphered at each intermediate host, reenciphered for the next hop, and forwarded. Attackers monitoring the network medium will not be able to read the messages, but attackers at the intermediate hosts will be able to do so.In end-to-end encryption, each host shares a cryptographic key with each destination. (Again, if the encryption is based on public key cryptography, each host has—or can obtain—the public key of each destination.) As with link encryption, the keys may be selected on a per-host or per-host-pair basis. The sending host enciphers the message and forwards it to the first intermediate host. The intermediate host forwards it to the next host, and the process continues until the message reaches its destination. The destination host then deciphers it. The message is enciphered throughout its journey. Neither attackers monitoring the network nor attackers on the intermediate hosts can read the message. However, attackers can read the routing information used to forward the message.These differences affect a form of cryptanalysis known as traffic analysis.A cryptanalyst can sometimes deduce information not from the content ofthe message but from the sender and recipient. For example, during the Allied invasion of Normandy in World War II, the Germans deduced which vessels were the command ships by observing which ships were sending and receiving the most signals. The content of the signals was not relevant; their source and destination were. Similar deductions can reveal information in the electronic world.第十一章密码技术11．1问题在没有考虑加密所要运行的环境时，加密的使用可能不能提供用户所期待的安全。

审计学毕业论文参考文献审计学毕业论文参考文献审计毕业论文参考文献篇一：[1] 程之议. 浅析会计师事务所审计质量的影响因素[J]. 中国管理信息化. 2014(18)[2] 张俊生，张琳. 特殊普通合伙制让审计师更稳健了吗?--来自中国会计师事务所转制的经验证据[J]. 会计与经济研究. 2014(04)[3] 刘行健，王开田. 会计师事务所转制对审计质量有影响吗?[J]. 会计研究. 2014(04)[4] 周中胜. 会计师事务所组织形式与审计收费[J]. 江西财经大学学报. 2014(02)[5] 张敬之. 特殊普通合伙的市场反应研究--以会计师事务所为例[J]. 江西警察学院学报. 2014(01)[6] 李瑞青，白洁. 我国会计师事务所审计质量研究[J]. 信阳师范学院学报(哲学社会科学版). 2014(01)[7] 郑杨. 会计师事务所转制分析--基于信永中和转制为特殊普通合伙制的思考[J]. 财会通讯. 2013(31)[8] 李江涛，宋华杨，邓迦予. 会计师事务所转制政策对审计定价的影响[J]. 审计研究. 2013(02)[9] 肖小凤，王善平，肖雯. 论会计师事务所特殊普通合伙制度的完善[J]. 财经理论与实践. 2012(05)[10] 刘启亮，陈汉文. 特殊普通合伙制、政府控制与审计师选择[J]. 财会通讯. 2012(24)[11] 程启智，刘三昌. 对特殊普通合伙会计师事务所的一些思考[J]. 商业会计. 2012(07)[12] 张连起. 特殊普通合伙转制的实践与体会[J]. 中国注册会计师. 2011(04)[13] 孟晓俊，严慧. 会计师事务所组织形式探讨[J]. 生产力研究. 2010(12)[14] 章立军. 会计准则国际化：趋势与应对--第四届立信会计学术研讨会综述[J]. 上海立信会计学院学报. 2010(06)[15] 何新容. 我国特殊普通合伙债权人保护制度的完善--兼与美国相关立法比较[J]. 南京审计学院学报. 2010(04)[16] 王星灿. 试析特殊普通合伙律师事务所律师的“过错”[J]. 商业文化(学术版). 2010(08)[17] 黄洁莉. 英、美、中三国会计师事务所组织形式演变研究[J]. 会计研究. 2010(07)[18] 冯延超，梁莱歆. 上市公司法律风险、审计收费及非标准审计意见--来自中国上市公司的经验证据[J]. 审计研究. 2010(03)[19] 王棣华. 论我国会计师事务所有限责任合伙制改造[J]. 财经理论与实践. 2010(03)审计毕业论文参考文献篇二：内部审计参考文献：[1]钟骏华，邢福梅。