KS X ISO IEC 38500-2009 Information Technology－Corporate governance of information technology《信息技术 企业级信息技术治理结构》.pdf

1、 KSKSKSKSKSKSKSK KSKSKS KSKSK KSKS KSK KS KS X ISO/IEC 38500 IT KS X ISO/IEC 38500:2009 2009 5 22 http:/www.kats.go.krKS X ISO/IEC 38500:2009 : ( ) ( ) () ()SJ ( ) ：(JTC1/SC7) () ( ) () TTA () LG-CNS SDS KS X ISO/IEC 38500:2009 ： (http:/www.standard.go.kr) ： ：2009 5 22 2009-0213 ： ： (JTC1/SC7) ( 02-

2、509-7262) (http:/www.kats.go.kr). 10 5 , . KS X ISO/IEC 38500:2009 i ii .1 1 1 1.1 .1 1.2 .1 1.3 .1 1.4 .2 1.5 3 1.6 3 2 IT 5 2.1 .5 2.2 .6 3 IT .8 3.1 .8 3.2 1： 8 3.3 2： 9 3.4 3： 9 3.5 4： 10 3.6 5： 11 3.7 6： .11 KS X ISO/IEC 38500:2009 13 KS X ISO/IEC 38500:2009 ii (IT) , . IT IT . IT . IT . . IT I

3、T , . IT , IT . , . 1992 (Committee on the Financial Aspects of Corporate Governance) (Cadbury Report) . Cadbury Report 1999 OECD (2004 ) . Cadbury Report OECD . . , ( ) . , . , . KS X ISO/IEC 38500:2009 IT Information Technology Corporate governance of information technology 2008 1 ISO/IEC 38500, C

4、orporate governance of information technology . 1 1.1 ( , , , , ) , IT . ( ) . IT . . . , , , , IT ( ) IT 1.2 , , . IT . 1.3 IT . , IT (KS X ISO/IEC 38500:2009 2 , , ) IT IT 1.4 1.4.1 IT . IT . IT . , . IT . 1.4.2 IT IT ( ) . IT . , . IT . . . 1.4.3 IT IT . IT IT KS X ISO/IEC 38500:2009 3 IT , IT 1.

5、5 . , Adrian Cadbury , London, 1992 ISBN 0 85258 913 1 (Report of the Committee on the Financial Aspects of Corporate Governance, Sir Adrian Cadbury, London, 1992 ISBN 0 85258 913 1) OECD , OECD, 1999 and 2004 (OECD Principles of Corporate Governance, OECD, 1999 and 2004) ISO Guide 73 2002 (ISO Guid

6、e 73 2002 Risk management Vocabulary Guidelines for use in standards) 1.6 . . 1.6.1 (acceptable) . 1.6.2 (corporate governance) (Cadbury 1992 OECD 1999 ) 1.6.3 IT (corporate governance of IT) IT IT IT . IT . KS X ISO/IEC 38500:2009 4 1.6.4 (competent) , , , , . 1.6.5 (director) . , , , , . 1.6.6 (hu

7、man behaviour) . , , . IT , , . . IT , . IT . 1.6.7 (Information technology： IT) , , , . “ (Communication Technology： CT)” “ (Information and Communication Technology： lCT)” . 1.6.8 (investment) , 1.6.9 (management) . . 1.6.10 (organization) , , , , , , 1.6.11 (policy) KS X ISO/IEC 38500:2009 5 1.6.

8、12 (proposal) , , , . . 1.6.13 (resources) , , , , , , , , 1.6.14 (risk) (ISO/IEC Guide 73) . , . 1.6.15 (risk management) (ISO/IEC Guide 73) 1.6.16 (stakeholder) , , , (ISO/IEC Guide 73 ) 1.6.17 (strategy) , . . 1.6.18 IT (use of IT) IT , , , , , , . , IT IT ( ) . 2 IT 2.1 IT . . . , , . , . . 2.1.

9、1 1： (responsibility) KS X ISO/IEC 38500:2009 6 IT . . 2.1.2 2： (strategy) IT . IT . 2.1.3 3： (acquisition) IT , , . , , . 2.1.4 4： (performance) IT , . 2.1.5 5： (conformance) IT . , , . 2.1.6 6： (human behaviour) IT , , . 2.2 IT . a) IT b) IT c) , 1 IT . 1 . KS X ISO/IEC 38500:2009 7 1 IT (evaluate

10、) , , ( , ) IT . IT , , . . . (direct) . IT IT . IT . IT , . , , IT . , . (monitor) IT . . IT ( ) . IT IT IT KS X ISO/IEC 38500:2009 8 IT . IT . 3 IT 3.1 IT . IT . IT . , IT . ( ) . . 3.2 1： IT . IT , . IT . , IT . IT . . IT . . IT (： ) . KS X ISO/IEC 38500:2009 9 3.3 2： IT IT . IT IT . , IT . IT .

11、IT . IT . IT IT . 3.4 3： IT . IT ( ) , , . ( ) . KS X ISO/IEC 38500:2009 10 IT IT . IT . 3.5 4： IT . IT . IT . IT . IT . IT . IT . , IT . IT . . IT . KS X ISO/IEC 38500:2009 11 3.6 5： IT ( ), , . IT . IT ( ), . IT . IT . IT . IT , . , , , , IT . 3.7 6： IT . IT . , , . . KS X ISO/IEC 38500:2009 12 IT . IT . KS X ISO/IEC 38500:2009 13 KS X ISO/IEC 38500:2009 . 1 IT . IT IT , , . IT , , , . . IT . IT . 2 2006 5 ISO/IEC JTC1/SC7