The Design And Implementation Of Bank IT Risk Management System

The rapid development of information technology improves the information level of thebank, carrying out maximize efficiency of the bank, enhancing the resistance for the financialcrisis, to some extent, it also improve the safety, reliability and validity of the bankinformation system. However, information technology, software, hardware and personnelnegligence also run hazard for the bank stability. Domestic commercial banks collect andmonitor data of information technology risk point by traditional manual method. For example,business center, the management office and the branch department of science and technologyfill in the off-site supervision statements and regulatory index, and then collecting to IT RiskManagement Department by the document system, IT Risk Management Departmentsummarizes them, and then fills again, so the process is low efficiency, the audit process isnot standard, and the tracing management is missing. In the light of IT risk management tools,on the one hand, there are many inferior departments that participate reporting, and the widegeographical distribution, which result in low efficiency and failing to guarantee aging; on theother hand, failing to realize electronic form, risk statistics analysis ability is weak, so it’sdifficult to implement risk measurement for the point of risk.In response to these problems, taking the actual demand of a state-owned commercialbanks (hereinafter referred to as Y bank) as background in this paper, On the Design andImplementation of an IT risk management system through an in-depth analysis of Y Bank ITrisk regulatory business processes and system requirements. The system, based on jBPM andSSH (Struts, Spring, Hibernate), carry out electronic filling of off-site supervision statementsand risk index and other functions, for example, audit process streamline, IT risk monitoringand measurement. Practical application shows that the system is feasible and effective.Compared with other similar systems, the paper mainly has the following characteristics:1．Completing off-site supervision statements and supervision index is an important aspectof bank IT risk data collection, it involves many departments. In this paper, author clear upthe process of filling off-site supervision statement and supervision index, and usingworkflow technology based on the jBPM to achieve process management of filling and auditprocess.2．Risk monitoring data is another important aspect of bank IT risk data collection, itcovers a wide range. In this paper, analyzing data sources of IT risk monitoring, including therisk assessment, special inspection, penetrating testing leak scanning, fault management,self-examination of each unit, establishing data model of the IT risk monitoring, and realizing the collection of IT risk monitoring data by virtue of combing external systems interface.3．Data processing and graphical display of the bank IT risk is an important function ofmanagement system. In this paper, based on the JFreeChart chart technology, designing andachieving a statistical reporting system of banking IT risk.