国内商业银行信息科技风险管理研究

【作者】 陈雷蕾；

【导师】 曾志耕；

【作者基本信息】 西南财经大学 ， 工商管理， 2010， 硕士

【摘要】 目前,信息科技已成为商业银行实现管理、经营、创新的基础平台,随着金融信息技术化程度的日益提高,商业银行对信息科技的依赖度显著增强。然而,信息科技向金融业务的深入渗透在加速实现银行经营效率和收益的同时,其中潜在的信息科技风险也呈逐步扩大趋势。特别近几年来,金融系统信息化风险事件频发,风险损失不断增加等都对银行稳健发展带来越来越大的威胁,银行信息科技风险管理的形势日趋严峻,管理的难度也越来越大。为此,防控商业银行信息科技风险刻不容缓,十分重要,在推动银行业务创新、提高信息技术应用水平的同时,不断加强信息科技风险管理研究,以促进信息科技风险管理水平持续提升,切实抓好商业银行信息系统风险管控,促使打造一个安全可靠的金融IT平台,使银行业务健康稳定快速发展。本文首先介绍了选题的背景和意义,对商业银行信息科技风险的定义、内涵,我国商业银行信息科技风险的基本特征和类别、管理等进行概述。其次用规范理论研究和实例研究相结合的方法揭示了我国商业银行信息科技管理存在的主要风险,提出了当前我国商业银行信息科技风险需要关注的重点,包括信息科技治理、变更管理、业务连续性管理、第三方管理以及与用户密切相关的重要应用系统的风险管理等。并找出了目前我国金融系统信息科技风险管理相对薄弱的原因,对信息科技的风险防范不足,缺乏对信息科技安全的关注、统筹安排,在信息科技风险管理的理念、实际应用、技术平台以及人力资源配置等方面均显不足以致风险隐患与风险漏洞较多。然后通过我国某商业银行信息科技风险管理的案例进行分析,结合该商业银行自身的信息系统特点和风险进行了剖析,通过该银行信息化的进程阐述了商业银行信息系统的构成特点,对该银行信息化风险控制现状、存在问题进行了详细的阐述,并综合地有针对性地提出了改进完善该银行信息科技风险管理的建议,尝试着为银行开展信息系统安全审计提供必要的风险导向。接着从我国商业银行信息科技风险的主要表现出发,根据我国商业银行在信息科技风险管理上存在的问题,提出银行信息技术风险进行控制、防范和化解的对策。从制度建设入手,完善管理体制,从内部控制、外部控制进行研究,提出了对内部控制上主要应提高思想认识、完善内控制度、强化队伍建设、加强技术防范、建立应急体系等；外部控制上主要是加强金融监管、加快技术法规、标准建设、加强服务外包风险控制和取得国家其他部门和机构的有力支持等。最后,对论文的研究过程总结归纳,阐明不足之处。更多还原

【Abstract】 Currently, information technology has become a basic platform for commercial bank to achieve the goal of management, operation, and innovation. With the the increasing level of financial information technology, commercial banks dependend more and more on information technology. The penetration of information technology to the financial business has accelerated the realization of operating efficiency and income of bank. one of the potential risks of information technology, however, is gradually widening at the same time. Especially in recent years, informationization risk event happens frequently in financial system. The loss of risk is also increasing. All these bring a growing threat to the healthy development of banks, so bank information technology risk management situation is becoming increasingly severe. Therefore,it is very crucial for commercial banks to prevent and control the risk of information technology. To create a safe and reliable financial IT platform that enables rapid development of healthy and stable banking business, it is important to promote the innovation of banking business, improve the application level of information technology, and strengthen the risk management of information technology simultaneouslyThis paper introduces the background and significance of the topic firstly. Then it discusses the definition and connotation of commercial bank information’ technology risk, the basic characteristics, category and management of China’s commercial banks information technology risks as well.Secondly, with the combination of theoretical research and case study, the study reveals the main risks in managing China’s commercial bank information technology and presents the current information technology risks that commercial banks need to focus on, including information technology governance, change management, business continuity management, the third party management and the risk management of important application system closely related to users as well. Simultaneously, the study finds out the causes of weakness of the information technology risk management in current financial system, including inadequate prevention of information technology risk, lack of co-ordinate arrangements and concern about the safety of information technology, deficiency of concepts, practical applications, technology platforms and other aspects of human resources in management of information technology.After that, the paper studies a case of one commercial bank information technology risk management. Based on its own characteristic, risk of information system and the process of Informatization, the study describes the composition characteristics of commercial bank information system. It analyzes the situation of bank information risk control and existing problems in detail, and puts forward an integrated manner to improve the risk management of the bank’s information technology, trying to provide the necessary information system security risk-based audit for the bank.Then, starting with the main performance of commercial bank information technology risks, based on the problems of commercial banks in the information technology risk management, the study provides the countermeasures to control, prevent and reduce the risk of bank information technology. On the basis of system construction, to perfect the management system, the study points out that, internal control and external control are to be applied. Internal control means enhancing their understanding, perfecting the internal control system, and strengthening team building and technical protection, the establishment of emergency system, etc.; external control mainly refers to strengthening financial supervision, speeding up technical regulations, strengthening risk control of service outsourcing and obtaining strong support of agencies and state, etc..Finally, the paper summarizes the research process and clarifies deficiencies of the study.更多还原