source: China time: June 12, 2019 15:31:13 browsing: 1961 times        time: June 12, 2019 15:31:13   in recent years, modern information technology, represented by artificial intelligence, blockchain, cloud computing, big data and Internet of things, has been booming. Because of the high dependence on information data, the financial industry is increasingly integrated with modern information technology to accelerate financial innovation. Innovative Internet Finance and virtual economy are changing from all aspects           in recent years, the modern information technology represented by artificial intelligence, blockchain, cloud computing, big data and Internet of things is booming, and the financial industry is highly dependent on information data, and the integration with modern information technology is deepening, accelerating financial innovation. Innovative Internet Finance and virtual economy are changing the original face of finance from all aspects, and behind this is the strong support and promotion of information technology. With these changes, the pressure of information technology and information system risk management is gradually increasing, and the importance of it audit is more prominent than before. In this environment, to cope with the increasing it risk through it audit transformation, how to choose the path is an urgent issue for the traditional banking industry to study and solve. According to the current situation of financial technology development, this paper analyzes the IT audit aspectsIn the face of the challenges, this paper tries to find a suitable path for the transformation of it audit in traditional banking industry, and puts forward the measures after the path selection, in order to provide some reference and reference. I. Introduction      since the 1980s, information technology has increasingly become one of the core driving forces for the reform and development of the financial industry. Every innovation and large-scale application of information technology has profoundly changed the face of the financial industry, from computers, distributed systems, data centralization to the Internet and mobile computing. At present, a new generation of financial technology has sprung up, and Internet finance is under threat. Big data, cloud computing, blockchain, Internet of things, artificial intelligence and other technologies are increasingly embedded in all aspects of the operation of the financial industry, changing the rules of the game and business model of the whole industry, forcing the traditional banking industry to adapt to the new financial ecology through continuous scientific and technological innovation. The deep integration of banking business and emerging technology makes it risk more concentrated and more prominent than ever before. At the same time, it puts forward higher requirements and new challenges to the departments that perform it risk audit function in traditional banks. 2. Overview of the current situation of financial technology in traditional banking industry in China      financial technology refers to the financial innovation through new technology, which can create new models, processes, businesses and products, have a significant impact on the services and models provided by the financial market, and profoundly change the service and operation pattern of financial institutions. At present, financial technology, which has a great impact on the financial market, is mainly concentrated in five areas: basic platform, including big dataData, cloud computing, Internet of things, blockchain and smart contract; payment and settlement field, including mobile and online payment, e-money; network financing field, including equity crowdfunding, P2P online loan; investment management field, including intelligent financial management, intelligent investment consultant; customer service field, including intelligent terminal, intelligent customer service, intelligent bank, etc. Under the background of the traditional banking industry's urgent need to find new profit growth points, financial technology has shown great advantages in improving efficiency and reducing costs. In order to make up for the shortcomings and enjoy technical dividends, traditional banks have actively introduced the latest financial technology into their management activities. Financial science and technology innovation is mainly manifested in the following aspects. (1) using big data technology to enhance comprehensive competitiveness      big data technology not only changes the value subject of commercial banks, data assets show important value, but also changes the way of product design, business decision-making and risk control of commercial banks. On the one hand, by mastering customers' transaction records, credit records, investment habits and other information data, and making statistics and modeling at the same time, we can understand customers' financing habits, consumption ability, risk preference, contribution to the bank and other information from multiple dimensions, help banks design products and flexibly adjust marketing strategies, so as to provide more complex financial services for customers. On the other hand, through the analysis of multi-channel big data such as credit information data, transaction data, social data and default records, we can effectively improve the level of risk management and enhance the ability of case prevention. China CITIC Bank is based on big businessData realizes almost real-time second level marketing; CCB judges customers' loan qualification by analyzing customers' behavior data on business platform; Agricultural Bank establishes anti money laundering monitoring system by using big data platform to realize real-time monitoring of terrorism.  (two) has entered the field of payment and settlement. Short listed companies such as WeChat, Alipay and other Internet financial companies have taken advantage of the traditional advantages of banks by creating O2O's payment products, . The combination of these products with social networking has changed customers' payment habits. Traditional banks have gradually realized that the amount of individual payment is large and wide, which is an important entrance to the development of individual customers. Through the entrance of payment, it will have a series of impact on the bank's deposit, loan, financial management and other marketing ecology. If we do not make efforts to catch up and make up for the short board, the bank will only undertake the business channel function in the future, and will be more and more distant from individual customers. In order to cope with the challenges brought by non banking institutions, traditional banks have launched cloud flash payment series products and code scanning payment products, forming a competitive situation with non banking institutions. For example, China Construction Bank has launched the "dragon payment" product; Agricultural Bank of China has launched the "fast e-payment" product; UnionPay has formulated the unified standard of two-dimensional code payment, forming the "universal networking" of two-dimensional code payment. (3) with the help of artificial intelligence to improve service level      artificial intelligence can effectively improve production efficiency and reduce costs through the simulation of human intelligence process by machine or computer system, which is an important scientific and technological means for the transformation and development of traditional banking industry. The application of artificial intelligence in customer identification, intelligent customer service, intelligent investment consultant and intelligent customer serviceEnergy bank has been widely used. In terms of security services, banks have launched the application of biometrics in customer identification. For example, Agricultural Bank of China has realized cash withdrawal by brushing face on ATM; Minsheng Bank has launched iris payment. In terms of convenient services, on the basis of big data, explore the use of artificial intelligence to form more efficient financial solutions. For example, Shanghai Pudong Development Bank launched "financial intelligence robot", which mainly provides online asset allocation services for high-quality customers; China Merchants Bank launched "Capricorn smart investment", which is an intelligent fund portfolio allocation service based on public funds. In terms of artificial substitution, traditional banks fully tap the potential of artificial intelligence in reducing human cost, and actively promote artificial intelligence technology in counter trading, back-end customer service and other fields. For example, the super counter launched by the Agricultural Bank of China can complete more than 90% of the manual counter operation; the voice navigation intelligent customer service system established by the industrial and Commercial Bank of China can effectively reduce the pressure of manual agents and improve customer satisfaction and experience. (4) research and explore emerging technologies to adapt to future formats       although emerging technologies such as blockchain, cloud computing and Internet of things are still in the period of technological development and improvement, there are still some constraints and problems to be solved at the legal level, technical level and application level, and it is still difficult to evaluate the bank's business model and revenue in the short term It's too much of an impact. But in the long run, with the continuous development of the above technology and entering a mature period, it will have a profound impact on the business model of commercial banks in the future. It is based on the above understanding that domestic banks take the initiative to develop new technologiesWe should conduct follow-up research, timely discover business scenarios with large application space of emerging technologies, improve our own product design ability, and develop innovative products with market influence. In terms of blockchain, postal savings bank of China, Zheshang Bank and China Merchants Bank have realized the transformation based on blockchain technology in the fields of asset custody, mobile digital bill products, global cash management and cross-border payment. In terms of cloud computing, the infrastructure cloud platform built by ABC is an attempt of private cloud infrastructure layer (IAAs) technology. In the aspect of Internet of things, Ping'an bank applies Internet of things technology to inventory movable property financing business. With the help of Internet of things sensor equipment and technical solutions, it intelligently identifies, locates, tracks and controls inventory and other movable property, thus changing the management mode of movable property. It audit is an activity to review and evaluate the internal control and process of information system and information technology. Its purpose is to reveal the risks and problems existing in the management and operation of information technology, to evaluate the achievement of information technology management objectives, and to promote the improvement of information technology management level. With the vigorous development of financial technology and Internet finance, the information technology department and information technology work of commercial banks have become the core competitiveness of the organization. Information technology has changed from the means and tools of business development to the basic platform to support the transformation and upgrading of the banking industry. With the deep integration of emerging technology and banking business, the prevention and control of information technology risk is more important than ever When will be more important and the pressure will increase further. It audit as the main means of risk prevention and controlJi is also on the cusp of the storm, facing increasing challenges. (1) the personalization of financial technology brings challenges to information security      under the background of the development of financial technology, financial consumers show more distinctive financial demand characteristics. At the same time, with the application and popularization of big data, the cost of banks to provide personalized and customized financial services is also significantly reduced. Under the combined effect of internal and external factors, banks must provide personalized and customized financial services to improve customer stickiness and revenue. The corresponding is the processing, transmission and preservation of massive customer information, transaction information, electronic footprint and other sensitive data. The anti tampering and anti leakage of these key data is one of the important contents of information technology risk control. How to evaluate and improve the ability of the organization to protect information security and protect the rights and interests of consumers is a great challenge to it audit. (2) the networking of financial technology brings challenges to network security      the development and popularization of the Internet and mobile Internet are the cornerstone of this round of financial technology development wave, and also the characteristics of this technological revolution. It is the networked digital environment that enables the development and application of emerging technologies such as big data, cloud computing and artificial intelligence. At the same time, it also further promotes the network channel to become the main service channel of banks and the lifeline of banking business operation. It is necessary to ensure that the hardware and software of the network system and its data are protected from damage due to accidental or malicious reasons. Therefore, network security is the top priority of bank information technology risk prevention and controlIt audit is also an area that it audit must focus on. (3) the systematization of financial technology brings challenges to operation and maintenance security      under the current background of financial technology, all traditional commercial banks are committed to transforming to the role of integrators in the integrated service ecosystem, building an ecosystem with banks as the center, fully integrating products, services, channels, backstage and other resources, and striving to promote the development of commercial banks Integrated financial services are seamlessly embedded in various scenarios of the ecosystem. What follows is the construction and integration of many internal business systems. Both the coupling degree between systems and the complexity between systems are increasing day by day. The in-depth systematization will inevitably bring unprecedented security operation and maintenance pressure. The requirements of business continuity test the IT operation and maintenance ability of the information technology department at any time, as well as the performance ability of risk prevention and control of the IT audit team.                                            Data judgment instead of experience judgment, machine management instead of manual operation has become an important development trend. With the development of intelligent bank information system, it is bound to introduce the endogenous risk of new technology. At the same time, the integration of multi technology, multi architecture and multi system also makes the logic implementation of the system more complex and the application risk more prominent. It is very important to establish an effective system application control process,Strengthening the risk monitoring level of new technology application puts forward higher requirements, but also puts forward higher requirements for it audit. (5) the agility of financial technology brings development security challenges      under the background of the subversive rapid development of financial technology, flexible and agile innovation service ability has become the key factor to help commercial banks adapt to customer needs, attract high-end talents and improve market competitiveness. Agile innovation forces the banking financial institutions to make a transformation in the R & D of it projects, that is, from the traditional waterfall R & D mechanism to the R & D mechanism with equal emphasis on agile iterative R & D, which brings about a deep change in the R & D management mode of it projects. This transformation is bound to have a profound impact on a series of management activities such as project management, code security and quality control, and also poses new challenges for it audit to adapt to relevant changes. Fourth, the path selection of it audit transformation      from the above-mentioned challenges, we can see that in order to adapt to the development trend of financial technology and effectively prevent and control the growing potential risks of information technology driven by innovation, we must further strengthen the role of it audit, change our thinking and speed up the transformation of it audit. The first thing to be solved is the problem of path selection. (1) the essence of financial technology      at present, there are many versions of the definition of financial technology, and different countries, organizations and institutions have given their own definitions. The National Economic Commission of the United States defines financial technology as "covered by financial technology"There are different kinds of technological innovation, and this kind of financial innovation affects all kinds of financial activities. "The definition of the International Securities Regulatory Commission is" refers to all kinds of innovative business models and emerging technologies that have the potential to change the financial services industry. "KPMG is defined as" non-traditional enterprises use science and technology as a sharp knife to enter the financial field, use more efficient scientific and technological means to seize the market and improve the financial competitiveness. " Service efficiency and better risk management ". Although the above definitions are expressed differently, they all refer to three meanings: finance, technology and integration. Finance and science and technology are two essential elements of financial science and technology. Science and technology is an important carrier of financial science and technology. Financial science and technology cannot be separated from the penetration and integration of Finance and technology. But more importantly, the essence of financial science and technology is finance. It is meaningless to separate financial science and technology from financial foundation. Therefore, the research on the prevention and control of financial technology risks must also focus on the prevention and control of financial activities themselves, that is, the risk control system of traditional banks. (2) analysis of the relationship between it and bank risk control system      the relationship between it and bank risk control system mainly involves two aspects, one is the risk control of information system itself, the other is the risk control of business operation. 1. Information system risk control. The risk control of information system is determined by the attributes of information system itself. According to ISACA (Information Systems Audit and Control Association, international information systems audit and Control Association))The IT risk categories summarized by COBIT (controlled objectives for information and related technology) system mainly include IT governance, it operation and maintenance, and it development and testing, as shown in Figure 1. 	      Figure 1      Information Technology Governance involves the establishment of information technology governance mechanism to meet the development needs of modern commercial banks, strengthening the role of shareholders, board of directors, board of supervisors and senior management in the process of information strategy decision-making, implementation and supervision, improving the information technology organizational structure, and establishing and perfecting information technology risk management To ensure the rapid and healthy development of the organization's information construction, it is necessary to manage the system and performance appraisal mechanism, reasonably allocate the information technology resources.     system development testing involves optimizing, perfecting and standardizing the software development process according to the standard framework, controlling the risks of planning, requirement analysis, design, programming, testing, production and version management, improving the quality management level of software products, improving the implementation efficiency of information technology projects, and improving the quality of information systems Maturity and stability.     the contents of system maintenance include: according to the requirements of integrated operation and maintenance, referring to service management standards, controlling the risks of infrastructure management, application software and data change management in the process of operation and maintenance of production system, and monitoring the safetyThe whole production situation and risk points are tracked to ensure business continuity and improve the automation and informatization level of production operation and technical service support.     the above contents are the traditional IT audit category and the main battlefield of it audit at present.     2. Business operation risk control      the business operation risk control of banking financial institutions refers to the internal control organization system of institutions, that is, the "three lines of defense" system. This institutional arrangement originated from the "guiding principles for strengthening internal control of financial institutions" promulgated by the people's Bank of China in 1997, which plays an important role in strengthening internal control, resisting business risks and preventing and controlling cases.     the first line of defense is the front-line post supervision, which refers to the formation of a risk control defense line of "self-discipline" and "incompatible post separation" to control the deviation of operation by establishing a working mechanism in which different posts in business organizations perform their duties, assume their responsibilities and restrict each other. In this line of defense, it will control the business risk in the first time, and the information systems involved are mainly core banking system, real-time trading system and accounting processing system.     the second line of defense is the self-discipline and due diligence supervision and control of each functional department. Among them, due diligence supervision is the main body of the second line of defense, which refers to the management behavior that each functional department monitors, checks, supervises and corrects the subordinate counterpart departments and their operation and management activities according to the division of responsibilities. Specifically speaking, it means that all departments will integrate this line and related departmentsThe actual work situation of the functional departments at level 1 is compared with the objectives, plans and standards, and measures are taken to correct the deviation, so as to realize the management activities of the development objectives. In order to effectively perform the above regulatory functions, all functional departments must rely on information systems to improve management efficiency. The support of information technology is particularly important, mainly involving a large number of management information systems.     the third line of defense is mainly responsible for supervising the self-discipline and due diligence supervision of functional departments. This kind of supervision includes the coordination and supervision of the internal control department, the re supervision of the internal audit department and the post supervision with the supervision department and the security department. In the face of huge business and massive data supported by information technology, effective risk prevention needs more support from information technology. In other words, the quality of internal control audit information system directly affects the audit quality and the effective performance of regulatory functions. Internal control audit information system is usually composed of multiple information systems. It includes not only the narrow sense of off-site audit information system, but also the broad sense of any information system that can be used by audit.     the relationship between business operation risk control and information technology is shown in Figure 2. 				      Figure 2     (2) the path selection of it audit transformation       at present, the focus of it audit of banking financial institutions is mainly on the risk prevention field of information technology itself, focusing on the audit supervision of information technology governance, system development and testing, and system operation and maintenanceFrom the description of the relationship between information technology and risk control, we can see that this is far from meeting the new requirements of it audit in the financial technology environment, and there is no effective IT audit supervision mechanism and audit coverage in the three lines of defense of risk management. Therefore, to further strengthen the role of it audit, it is necessary to deepen it audit by combining it audit with business risk control.     firstly, we should strengthen the combination of it audit and off-site audit. Through it audit to promote the breakthrough and development of off-site information system, so as to improve the level of off-site audit technology, effectively speed up the upgrading of audit tools, improve the efficiency and quality of audit, and provide a strong guarantee for the performance of internal control audit function under the financial technology environment. Secondly, it audit should be combined with business. This is not only the objective necessity of IT environment under the new normal of financial innovation, but also the subjective necessity of it audit development. Only by firmly grasping the business as the starting point, stepping up the exploration of the combination of it audit and business, and seeking innovation and breakthrough in the system and methods, can we grasp the strategic opportunity of it audit transformation, further strengthen the role of it audit, and meet the challenges of the financial technology era with a more comprehensive attitude.     to do a good job in the combination of it audit and off-site and it audit and business is the expansion space of it audit and the development direction of transformation, that is, to "expand Xinjiang"; at the same time, to consolidate the traditional IT audit field and strengthen the strength of it audit is to "consolidate the foundation" and to "consolidate the foundation and expand Xinjiang", that is the goal of banking industryIt audit transformation path selection of financial institutions. As shown in Figure 3. 							      Figure 3       v. measures after path selection     (1) "capital consolidation" is the foundation       consolidating the foundation of traditional IT audit and strengthening it audit is the physical basis of strengthening it audit under the new normal of financial technology. At the management level, one is to improve the strategic position. Combined with the reality of it audit, enhance the strategic position of it audit in the field of internal audit. In the upper design of the audit system, we should strengthen the relevant content of it audit, and do a good job in the development planning and audit plan of it audit. Second, improve the audit procedures. Combined with the actual changes of information technology, strengthen the design of audit procedures, and promote the refinement level of audit project management. In order to improve the integrity and operability of the audit process, we should further clarify and improve the relevant data acquisition, evidence locking, quality control and other processes. Third, strengthen human resource management. Pay attention to team building, formulate it audit human resource strategic planning, actively promote the construction of learning organization, and establish an effective performance appraisal mechanism. At the same time, reasonable use of external audit resources, through cooperation and knowledge transfer, is conducive to the improvement of internal auditors' audit ability and quality. At the technical level, one is to improve the audit technology. The traditional audit technology with low technical difficulty and relatively mature application is solidified and strengthened, and the technical curve is highIn order to improve the adaptability of emerging technology, we need to focus on the research and breakthrough of the relatively weak audit technology. Second, innovative audit methods. This paper analyzes and refines the valuable experience gained in the practice of it audit, at the same time, widely draws on the advanced research results, encourages innovation, and speeds up the practice and application of innovative audit methods. Third, strengthen the audit in key areas. According to the characteristics of financial technology, priority should be given to strengthening the audit of information security, network security, R & D and testing, which involves a wide range of emerging technologies, deep application level and great risk impact in the field of information technology management, so as to adapt to the changing risk control environment.    (2) "expansion" is the key       the extension of it audit to the field of business operation risk control is the key to realize the transformation path of it audit, and also the key to effectively play the function of it audit risk management. "Expanding Xinjiang" includes two directions: combining with off-site audit and business.     1. Combined with off-site audit.     off site audit is an important means to improve the efficiency of audit supervision and enhance the audit level. Off site audit system or audit information platform is a system composed of multiple information systems and an important embodiment of enterprise information technology level. It audit should promote the strategic position of audit information platform in the organization through its own supervision function, and then establish the core of audit information platform in the enterprise information systemIn addition, it also establishes an independent audit data platform with advanced technology based on the trend of big data. At the same time, through the effective exertion of it audit's supervisory role in the development of internal information system of an organization, we can get a direct opportunity to implant audit requirements into the information system. In the process of information system construction and development, audit needs are taken as an important source of user needs to be valued and utilized. In the process of system implementation, audit needs are optimized, audit interfaces are reserved, and operation functions are enriched, so that the audit data structure is clear, the correlation is simplified, and the audit functions are automatic, comprehensive, intelligent and fast, which greatly improves the efficiency of audit information platform Ease of use and adaptability strongly support the smooth development of internal control audit activities.     combine with business.     the combination of it audit and business focuses on strengthening the audit of information technology in the process of business risk control. It application control audit is the best audit carrier in business process level. According to the definition of internal audit standards, application control refers to the information technology control designed and implemented in business process level in order to reasonably ensure the accuracy, integrity and timely completion of business data generation, recording, processing, reporting and other functions of application system. The audit of application control at business process level should consider the control activities related to data input, data processing and data output. Due to the high level of application control audit technology and the difficulty of implementation, it of banking financial institutions shouldCompared with the traditional audit of general control of it, the application control audit is not mature and popular enough. However, as an important direction of it audit transformation, the application control audit can only be further strengthened. One is to strengthen theoretical reserves. Theoretical reserve is to examine and lead it application control audit from a higher perspective, and to consider it audit and business combination from the overall situation of organizational risk control. At the same time, it studies and draws lessons from the advanced audit theories at home and abroad, and carries out localization transformation in combination with the actual situation of the organization, so as to speed up its application in the field of it audit and business combination. Second, actively accumulate and sum up experience. Gradually carry out it application control audit, make full use of audit results, extract ideas and practical experience combined with business, summarize and solidify innovative audit methods and processes, so as to facilitate the use and promotion in the follow-up application control audit. Third, dare to make innovations and breakthroughs. To integrate IT audit into business, innovating audit ideas and methods is an important means and a necessary condition to strengthen the role of it audit. We must take experience accumulation as the basis, theory reserve as the driving force, innovation as the goal, speed up the pace of combining it audit and business, and provide a strong audit supervision guarantee for the organization of information technology risk management under the background of financial technology. At present, it audit transformation of banking financial institutions is an inevitable choice for organizations to adapt to the ever-changing financial technology risk environment and enhance their ability of risk prevention and control. dependentThe transformation direction must consider the development characteristics of financial technology and the nature of financial business, combine with the actual situation of the organization, consolidate the traditional IT audit supervision function, and further strengthen the audit strength in the fields of information security, network security and project development. What is more important is to speed up the integration of it audit and banking business, strengthen the in-depth research and application of IT application control audit, supplemented by the support of advanced information audit tools, so as to create a new IT audit system that meets the requirements of financial technology risk control, and effectively improve the audit performance ability. (author unit: Zheng bin, Chengdu Branch of Audit Bureau of Agricultural Bank of China)       References:      1. Zheng Xin. Analysis and Discussion on "three lines of defense" of internal control of commercial banks [J]. Research on rural finance,         (2011): internal audit of IT Department of China Commercial Bank (j-42)                215   0                       < return list                         Related links   previous article: three points and three lines of Ideological and political work in enterprises in the new era  next article: how to design a "micro party class"        copyright notice         (1) the graphic and video information published and reproduced on this website only represents the author's personal views, and its originality and content have not been confirmed by this website, so it is only for readers' reference. 	(2)Due to the content, copyright and other problems of the works, please contact us with the ownership certificate. We will correct and delete them in time.  (3) excellent manuscripts will be released in the platform of the people's website, Sohu, 100 official account, WeChat public number and other platforms.

トップ   編集 凍結 差分 バックアップ 添付 複製 名前変更 リロード   新規 一覧 単語検索 最終更新   ヘルプ   最終更新のRSS
Last-modified: 2021-06-11 (金) 18:20:45 (180d)