At present, information system (IS) security has attracted wide attention in China. The security and confidentiality of information systems are being challenged, which places higher demands on IS auditing. Compared with traditional audits, IS audits have more abstract objects and more complex procedures, and are thus confronted with huge risks. How to evaluate IS audit risk scientifically has therefore become an urgent problem for IS auditors. Taking "information system audit risk" as its starting point and "AHP" and "entropy weight" as its key methods, this paper builds, with reference to the runtime environment of IS audits, an evaluation model of IS audit risk under "a determinate risk value" and an evaluation model of IS audit risk under "different levels of risk". On the basis of empirical analysis, it puts forward insights and suggestions for IS audit risk evaluation, with the aim of providing IS auditors with theoretical support for managing audit risks effectively.