运用IT审计规避银行信息化风险的思考
发布时间:2018-12-13 19:41
【摘要】: 随着信息技术的快速发展,我国金融信息化已经走过了“金融电子化”,正向“金融信息化”深层次迈进。在数据大集中之后,各家金融机构通过数据仓库、数据挖掘(DM)等日渐成熟的技术,加强客户和市场分析,努力构建以金融信息化和信息网络化为基础的先进网络化金融机构。但信息技术在物理上、操作上和管理上存在的漏洞,构成了IT系统安全的脆弱性,给银行带来了一系列新的不安全因素。计算机犯罪和舞弊、会计信息的失真,都将给银行的资金、信誉造成重大的损失。因此,如何确保IT战略目标与银行总体发展目标的一致性,最大限度地规避战略风险、投资风险和运行风险,保证银行的可持续发展,是银行面临的首要难题。因此,运用IT审计,加强对金融IT策略、安全、效益的审查与评估,为管理层战略规划、投资决策、化解风险提供重要依据,就显得尤为迫切和重要。 目前,,IT审计在国际上是一个相当成熟的领域,发达国家银行机构均建立了完善的信息系统审计体系,而在我国IT审计才刚刚开始起步,尚缺乏成熟的经验和案例可供参考,尤其是没有针对大型数据处理和大型软件开发的IT审计经验可以借鉴。鉴于此,本文首先分析发达国家银行的IT审计组织结构和技术架构,解析国内银行IT审计的现状及存在的问题,并将国际经验与我国实际情况进行差异性分析;其次引入国外几种可供参考的IT技术框架及模型,探讨我国银行业IT审计技术框架的构建;最后,在前文分析的基础上对我国银行业IT审计的推进提供几点对策和建议,使IT审计成为规避战略风险、运行风险、保证银行可持续发展的有力工具。
[Abstract]:With the rapid development of information technology, China's financial informatization has gone through "financial computerization", and is moving toward "financial informatization". After data concentration, financial institutions strengthen customer and market analysis through increasingly mature technologies such as data warehouse, data mining (DM), etc. We should try to construct advanced networked financial institutions based on financial information and information networking. However, the vulnerability of information technology in physics, operation and management constitutes the fragility of IT system security, and brings a series of new unsafe factors to banks. Computer crime and fraud, accounting information distortion, will give the bank's funds, credibility caused a major loss. Therefore, how to ensure the consistency between IT strategic goal and the overall development goal of the bank, to avoid the strategic risk, investment risk and operational risk to the maximum extent, and to ensure the sustainable development of the bank are the most difficult problems faced by the bank. Therefore, it is urgent and important to use IT audit to strengthen the examination and evaluation of financial IT strategy, security and benefit, to provide important basis for management strategic planning, investment decision and risk resolution. At present, IT audit is a very mature field in the world. The banking institutions in developed countries have established a perfect information system audit system. However, in our country, the IT audit has just begun, and there is still a lack of mature experience and cases for reference. In particular, there is no IT audit experience for large-scale data processing and software development. In view of this, this paper first analyzes the IT audit organization structure and technical framework of developed country banks, analyzes the present situation and existing problems of domestic bank IT audit, and analyzes the difference between international experience and China's actual situation. Secondly, it introduces several foreign IT technical frameworks and models for reference, and probes into the construction of the technical framework of IT audit in China's banking industry. Finally, on the basis of the previous analysis, this paper provides some countermeasures and suggestions for the promotion of IT audit in China's banking industry, which makes IT audit a powerful tool to avoid strategic risks, run risks and ensure the sustainable development of banks.
【学位授予单位】:东北财经大学
【学位级别】:硕士
【学位授予年份】:2007
【分类号】:F239.1;F239.65
本文编号:2377106
[Abstract]:With the rapid development of information technology, China's financial informatization has gone through "financial computerization", and is moving toward "financial informatization". After data concentration, financial institutions strengthen customer and market analysis through increasingly mature technologies such as data warehouse, data mining (DM), etc. We should try to construct advanced networked financial institutions based on financial information and information networking. However, the vulnerability of information technology in physics, operation and management constitutes the fragility of IT system security, and brings a series of new unsafe factors to banks. Computer crime and fraud, accounting information distortion, will give the bank's funds, credibility caused a major loss. Therefore, how to ensure the consistency between IT strategic goal and the overall development goal of the bank, to avoid the strategic risk, investment risk and operational risk to the maximum extent, and to ensure the sustainable development of the bank are the most difficult problems faced by the bank. Therefore, it is urgent and important to use IT audit to strengthen the examination and evaluation of financial IT strategy, security and benefit, to provide important basis for management strategic planning, investment decision and risk resolution. At present, IT audit is a very mature field in the world. The banking institutions in developed countries have established a perfect information system audit system. However, in our country, the IT audit has just begun, and there is still a lack of mature experience and cases for reference. In particular, there is no IT audit experience for large-scale data processing and software development. In view of this, this paper first analyzes the IT audit organization structure and technical framework of developed country banks, analyzes the present situation and existing problems of domestic bank IT audit, and analyzes the difference between international experience and China's actual situation. Secondly, it introduces several foreign IT technical frameworks and models for reference, and probes into the construction of the technical framework of IT audit in China's banking industry. Finally, on the basis of the previous analysis, this paper provides some countermeasures and suggestions for the promotion of IT audit in China's banking industry, which makes IT audit a powerful tool to avoid strategic risks, run risks and ensure the sustainable development of banks.
【学位授予单位】:东北财经大学
【学位级别】:硕士
【学位授予年份】:2007
【分类号】:F239.1;F239.65
【引证文献】
相关硕士学位论文 前1条
1 周建明;A银行信息科技风险管理研究[D];云南大学;2012年
本文编号:2377106
本文链接:https://www.wllwen.com/jingjilunwen/sjlw/2377106.html
