The CD Commercial Bank IT Risk Management
|School||University of Electronic Science and Technology|
|Keywords||commercial bank; IT risk; risk management; enterprise informationization; Delphi method|
As a regional commercial bank that evolved from an urban credit cooperative, CD Bank now covers three provinces and six cities, with more than 3,500 employees and more than 120 branches. The assets of CD Bank exceed a hundred billion yuan, and the bank possesses relatively abundant capital. To meet the needs emerging from the challenges that the internal and external business environment poses for business transformation, CD Bank has begun to construct enterprise information systems.

Frequent IT risk incidents in recent years, caused by some commercial banks with a "mortar plus mouse" characteristic, have brought great losses and serious adverse effects to enterprises, the public, and countries. However, full implementation of IT risk management will be costly for CD Bank and will greatly divert the limited resources devoted to information technology construction.

Answering questions such as whether it is necessary to carry out comprehensive IT risk management in CD Bank, what gap exists between the firm’s current IT management and control system and a mature and complete IT risk management system, and what effective solutions correspond to the existing problems will help to realize the potential value of information technology within CD Bank and to ensure the success of its business transformation.

In the present paper, the author first offered definitions of IT risk management for commercial banks and made a classification, based on a literature review of the current situation of IT risk management in domestic and foreign commercial banks. Drawing on the idea of enterprise information development-stage theory, the author then constructed an evaluation framework using the Delphi method. The framework can be used to assess the information system development stage of domestic banks. Using this framework and survey data, the author evaluated the state of informationization development at CD Bank.
The results showed that CD Bank faces IT risk from both the business process perspective and the management perspective.

In chapter four, based on a discussion of the need for IT risk management in CD Bank, and using the bank’s overall risk management framework enacted by the S Provincial Banking Regulatory Bureau as the benchmark for a mature and complete IT risk and control system, this paper analysed the causes of the major problems in CD Bank’s IT risk management using the gap method.

Finally, corresponding recommendations and strategies were proposed to tackle the problems, using the CISR approach proposed by the information technology research center of the MIT Sloan School of Management. A tentative effort was also devoted to constructing a risk identification and evaluation framework for IT system delivery and operation. Some corresponding solutions for IT service continuity and IT outsourcing were proposed.

The results are derived from CD Bank; however, they will also benefit IT risk management at other commercial banks.