| With modern commercial banks more and more depending on the support of information technology for increasing actively financial innovations to compete with others, Because of the complication of IS of commercial banks and the dependence of business of commercial banks on their IS, the board of directors and senior management are beginning to more and more focus on the risks of commercial banks. In recent years, however, the manipulated scandals of many banks are more related to the operational and technical risks of commercial banks.Given the special nature of the business of commercial banks and commercial banks IS carrier's role as a capital transaction, the risks associated commercial banks IS have also been highly concerned by the regulatory authorities. Both" New Basel Accord" focused on the operating risk (system risks and internal control risks) and" Sarbanes-Oxley Act" emphasized on information technology control reveal this.Strengthening IS internal controls to avoid unnecessary technical risks has important practical significance for commercial banks to improve their competitiveness and the provision of the regulation (regulatory) control information. However, the study on the current IS internal control system of commercial banks is lacking and the IS risks recognition, analysis and control in the banking industry is still in the exploratory stage. As far as the domestic situations, the internal control of China's commercial banks more depends on the supervision and lacks of long-term planning and mature prevention control system. Moreover, the research on internal control and evaluation of commercial banks IS are very little.For this reason, this article gives a research on the risk-oriented internal control and evaluation of commercial banks IS. After summing up adopted internal control systems and IS control research results of commercial banks, this article has analyzed the characteristics of technical risks associated with commercial banks IS. On the basis of complexity and specificity analysis of the internal control system in commercial banks IS, this paper also puts forward a risk-oriented multi-level IS internal control framework for commercial banks. The main framework aims at building an internal control assessment model and hierarchical feedback mechanisms on the basis on a top-down decomposition of IS processes and risk targets.Specifically, the framework based on system theory and cybernetics, from the perspective of risk-orientation, researches on IS risk controls and implementations of commercial banks from governance level, management or technology level and operational processes level. Based on the analysis of the elements at all levels, inaccordance with the principles of goal-driven, this article achieves the hierarchical decomposition from the overall strategic goal to the specific process control objectives of commercial banks and analyzes the hierarchical feedback control mechanisms of the evaluation procedures. Among them, this article mainly focuses on the proposed IS internal control framework and its elements about the commercial banks and then discusses the internal control evaluation model and the process control model. This is a major innovational point.In the study on the IS process control model of commercial banks, this paper, mainly based on the whole life cycle of commercial banks IS and the basic business processes and the reference to the international IS internal control standards and the norms of commercial banks, proposes a the internal control model based on the hierarchical processes. The model is specifically divided into five key process domains and emphases on the key sub-processes and their factors of risk assessment under the five process domains with the establishment of corresponding measures. Thus, the model provides the necessary preconditions for the establishment of a risk-oriented internal control evaluation model.As an important part of the proposed IS internal control framework of commercial banks, the risk-oriented internal control evaluation model based primarily on the process decomposition of internal control objectives determines the levels of control objectives and its evaluation. Meanwhile the evaluation procedures are divided into individual risk assessment and comprehensive risk assessment in two stages. The article also provides the analyses and evaluations of IS key elements of the process at all levels, the process domains, risk goals and the overall goals with a variety of matured evaluation methods, in order to provide the multi-level risk assessment views, to provide an objective evaluation for further control measures and to help commercial banks maintain a balance between cost expenditures and IS control importance.In this paper, the study of risk-oriented IS internal control framework for commercial banks, uses goal-driven reverse operating principles and considers the impacts of the strategic background and external environment. The framework emphasizes on the analyses of the internal control quality and the corresponding risk ranks of IS application processes in commercial banks and establishes the link between IS application processes and the potential risks. So the feedback control mechanism based on the evaluation of internal control quality and risk ranks willprovide a link between IS application processes and strategic goals to help commercial banks' management not only to grasp the overall strategic directions but also to look at and control specific risks of key processes for ensuring the realizations of their strategies.Finally, the article also selects a typical small joint-stock commercial bank in China, provides the empirical analysis of IS internal controls and re-explains the main research results, primary innovations and the future research directions. |
PDF Full Text Request