Study On The Information Technology Risk Management System For ICBC

Through the information technology in banking, the wide application of information technology becomes the foundation and guarantee of bank operations and improving the competitive. While Information technology promoting banking development, it also makes the banking face more technical risks and once it happens, and affects the banking business continuity directly, even affects the safety of the bank. Therefore, the commercial Banks must strengthen the information technology risk management, ensure that the bank information system security, stability, effective operation, and directly related to the operation and development of commercial Banks.Icbc has recognized the importance of the information system security, and begun to bring information technology risk management into comprehensive risk management, although it has made some basic works, but still lacks overall risk management system of information technology. Based on the above, icbc needs to establish a comprehensive risk management system of information technology to improve the ability of prevention and the control of the information technology risk management and promote the realization of core-competitiveness and strategic target.This thesis will be divided into five chapters. The first chapter introduces the background, logical framework, research methods and research innovation of the thesis. The second chapter introduces the description of related research and development of information technology risk management field and the general information technology risk assessment standards and norms. In the third chapter, we investigated the current information technology risk management status of the banking industry and ICBC, and analyzed the common problems of the information technology risk management in the whole banking industry and the individual problems of ICBC, and then we proposed the construction of the information technology risk management system. The fourth chapter explains the connotation of the information technology risk management system, and designs the architecture and elaborates the purposes and meanings of the system architecture step by step. The main content of the fifth chapter is to formulate the specific implementation of system based on the architecture design. The sixth chapter summarizes the results, the significance, innovation and the insufficiency of the paper, and look forward to the future of the ICBC.The innovations of this thesis are mainly focused on two aspects. The first aspect is based on the investigation of the international information technology risk management practical standards and the analysis of the information technology risk exist in the different layers of the ICBC's overall work, and proposed a comprehensive three-layer information technology risk management architecture which including "IT Manager, IT Risk Manager and IT Audit". The second aspect is that, the detailed construction solution is defined not only based on the ICBC's development strategy, but also with the guidance of the three-layer architecture. This thesis has important theory guiding and practical referring role for the information technology risk management of ICBC and other banks.