IT审计在农村商业银行的应用研究

发布时间：2018-04-27 22:20

本文选题：农村商业银行 + IT审计　；参考：《西南财经大学》2010年硕士论文

【摘要】：一直以来我国商业银行的内部审计基本上是账目基础审计,随着计算机技术发展,几乎所有商业银行包括农村商业银行业务都要通过计算机系统来完成。但信息技术在高速发展的同时,也给农村商业银行带来了不安全因素。目前,银行业监管部门已明确指示各金融机构要做好信息科技风险和评价审计工作,对照国际信息科技风险监管体系进行差距分析、构建信息科技风险监测和评价体系。农村商业银行作为第二批实施金融机构,着手在农村商业银行内部开展IT审计的相关课题的研究就显得迫在眉睫了。本文从研究背景出发,分析了IT审计的内涵,比较了IT审计与其他国际通行标准体系而进一步提出了我国金融机构引入IT审计的现实必要性,重点介绍了IT审计国际参考标准的COBIT模型及在我国金融机构运用现状,进而分析了在农村商业银行运用IT审计必要性和现实困难,最后探讨了农村商业银行实施IT审计的架构并给出了一个详细的操作案例。其主要内容如下：第一章介绍了IT审计理论基础。首先对IT审计的发展进行了简单梳理,对与IT审计相近的几个概念进行了比较,归纳出IT审计概念。第二章分析了我国引入IT审计的必要性。介绍了IT审计的内容和制度,比较了IT审计与ISO9000标准、CMM模型,给出了IT审计这一新生事物存在的较合理的定位,在与信息系统项目管理的比较中得出了IT审计的存在意义和特点；然后浅析了银行信息化风险的特点及我国银行在信息化管理中存在的问题,探讨了开展IT审计的现实必要性与可行性及IT审计在防范银行风险中的作用。在对COBIT标准进行介绍的基础上,通过学习和借鉴已经成形的程序、指南和标准,为现行运用提供帮助,同时结合实际、探讨我国商业银行运用该模型的具体过程中应注意的几个问题。第三章探讨了在农村商业银行实施IT审计的可操作性。通过实施IT审计,即通过对农村商业银行所有IT规划、建设、应用、服务、安全等全方位的审计,充分识别、评估IT风险和完善控制措施,以实现农村商业银行IT系统的可用性、安全性、完整性、有效性,从而强化农村商业银行内部控制。第四章重点架构了信息技术基础审计,并从信息系统建设审计、应用系统审计、项目管理审计及计算机辅助审计技术等专项角度阐述了IT审计的实施内容。本章力求使得IT审计在农村商业银行中开展具有较强的可操作性,以满足农村商业银行在现行改革的过程中IT治理与经营战略目标的一致性。本文探讨了IT审计的发展及内涵,通过对现行国际上IT审计标准模型的学习,结合农村商业银行信息化发展现状及改革需要,为农村商业银行IT审计的具体过程提出了一个可供操作的流程,为IT审计在我国金融机构的全面开展积累经验。
[Abstract]:The internal audit of commercial banks in our country has been basically the basic audit of accounts. With the development of computer technology, almost all commercial banks, including rural commercial banks, have to complete their business through computer system. However, the rapid development of information technology has also brought insecurity to rural commercial banks. At present, the banking supervision department has clearly instructed the financial institutions to do a good job in the information technology risk and evaluation audit, compare with the international information technology risk supervision system to analyze the gap, and construct the information technology risk monitoring and evaluation system. Rural commercial banks as the second group of financial institutions, it is urgent to start the research of IT audit in rural commercial banks. Based on the research background, this paper analyzes the connotation of IT audit, compares IT audit with other international standard systems, and further points out the practical necessity of introducing IT audit into Chinese financial institutions. This paper mainly introduces the COBIT model of the international reference standard of IT audit and the present situation of its application in China's financial institutions, and then analyzes the necessity and practical difficulties of using IT audit in rural commercial banks. Finally, the paper discusses the framework of IT audit in rural commercial banks and gives a detailed operation case. Its main contents are as follows: The first chapter introduces the theoretical basis of IT audit. Firstly, the development of IT audit is simply combed, and several concepts similar to IT audit are compared, and the concept of IT audit is summed up. The second chapter analyzes the necessity of introducing IT audit into our country. This paper introduces the content and system of IT audit, compares IT audit with ISO9000 standard, and gives the reasonable orientation of IT audit, which is a new thing. In the comparison with the information system project management, the existence significance and characteristics of IT audit are obtained, and then the characteristics of the bank informatization risk and the problems existing in the information management of our country's banks are analyzed. This paper discusses the necessity and feasibility of IT audit and the role of IT audit in preventing bank risk. On the basis of the introduction of COBIT standards, through learning and learning from the already formed procedures, guidelines and standards, to provide assistance for the current application, while combining the actual, This paper discusses some problems that should be paid attention to in the application of this model by commercial banks in China. The third chapter discusses the feasibility of IT audit in rural commercial banks. Through the implementation of IT audit, that is, through the comprehensive audit of all IT planning, construction, application, service, security and other aspects of rural commercial banks, the full identification and evaluation of IT risks and the improvement of control measures are carried out. In order to realize the usability, security, integrality and validity of IT system of rural commercial bank, so as to strengthen the internal control of rural commercial bank. The fourth chapter focuses on the basic information technology audit, and expounds the implementation content of IT audit from the aspects of information system construction audit, application system audit, project management audit and computer-aided audit technology. This chapter tries to make IT audit in rural commercial banks have a strong operability, in order to meet the current reform of rural commercial banks in the process of IT governance and management strategy objectives consistency. This paper discusses the development and connotation of IT audit, through the study of the current international IT auditing standard model, combined with the development of information technology in rural commercial banks and the needs of reform. This paper puts forward an operable process for IT audit of rural commercial banks, and accumulates experience for IT audit in our financial institutions.
【学位授予单位】：西南财经大学
【学位级别】：硕士
【学位授予年份】：2010
【分类号】：F239.1;F832.3

【参考文献】