操作风险管理视角下的商业银行信息科技风险管理研究

现代商业银行对信息科技的高度依赖,使信息科技风险越来越成为银行风险管理的重要内容.本文利用操作风险管理的框架和工具,对信息科技风险的识别、计量、监测和控制等进行研究.本文认为在信息安全管理的基础上,利用操作风险管理的方法,有助于从全面风险管理的角度对信息科技风险进行有效管理.     

银行信息系统应急管理浅析

信息科技风险已成为瞬间导致银行瘫痪的唯一系统性风险。银行信息系统的应急管理日益受到银行科技部门重视。本文简析银行信息系统应急管理中的主要问题和改善应急管理工作的思路。     

商业银行IT外包风险研究

0引言
　　2010年月,中国银监会出台《银行业金融机构外包风险管理指引》,初步制定了对金融机构服务外包的风险管理政策。2012年10月,中国银监会继续对商业银行下发《银行业金融机构信息科技外包风险管理指引（征求意见稿）》,其中指引中明确信息科技的外包风险主要是指在外包过程中引发的银行科技中心科技能力丧失、银行业务中断、银行信息泄露和银行服务水平下降等,并有可能导致银行业金融机构的战略、声誉、合规等风险,并进一步对商业银行信息技术服务外包如何加强风险管理提出了具体要求。因此,研究我国商业银行 IT 外包风险管理具有非常重要的现实意义。     

银行电子化的非技术风险

在计算机网络广泛应用于银行业,对银行信息技术改造、创新银行业务和加强规范银行业管理的过程中,电子化银行面临的金融风险是多方面的综合性风险,有多种多样的表现形式,其中非技术风险主要有以下几类。     

商业银行敏感数据识别与风险分析

有效识别商业银行的敏感数据,分析敏感数据在传输与存储等过程中可能存在的泄漏风险,对于制定有针对性的数据安全保护策略有极其重要的意义。在对我国商业银行信息系统充分调研的基础上,提出一种面向安全标的的敏感数据识别方法,对商业银行应该重点保护的敏感数据进行分类识别,并采用全生命周期信息风险防范与控制的方法,分析银行金融系统由于研发过程中设计考虑不充分而导致系统运行过程中可能面临敏感数据信息泄露的风险,结合监管部门、银行行业管理规范及银行机构实际情况,提出商业银行敏感数据保护与控制的建议,为商业银行建立敏感数据安全保护控制相关管理制度和措施奠定必要的基础。     

银行信息化的奥运冲动

伴随2008北京奥运会的日益临近,国内商业银行,尤其是为奥运服务的银行,都在做应急管理、灾备预案的工作。奥运对银行的安全性和可靠性的高标准要求,不仅对银行信息科技风险管理提出了挑战,也为其健全和提高管理能力创造了机会。     

综合经营利于化解利率风险

从2004年开始,我国金融监管机构对贷款利率的管制进一步放松,这不仅意味着我国利率市场化的进程加快了,也意味着我国银行面临的利率风险在不断加大。 利率风险是指利率发生不利的变化而使银行的财务状况变差或使银行遭到损失的可能性。严重的利率风险会危及银行的资本基础。而实行综合经营,却有助于银行有效地进行利率风险的管理。 所谓综合经营是指商业银行不仅能经营存款业务、贷款业务、结算业务、汇兑业     

银行信息系统中操作风险管理的框架

通过信息系统来加强对操作风险的管理越来越受到银行界的重视,总结了目前银行信息系统建设中在操作风险防范方面存在的问题,分析了银行信息系统中操作风险管理的需求。提出了一种基于全流程的银行信息系统操作风险管理的框架,阐述了交易前、交易中、交易后三个组成模块的具体功能和实现要点,最后说明在某大型商业银行的实践情况。该框架从操作风险控制的全局归纳出了共性的控制点,设计了主要的风险控制流程环节。     

我国商业银行信息安全的风险评估及控制

我国商业银行进入了快速发展的时代,其金融业务有了各方面的拓展。但是银行对信息系统的高度依赖,也使商业银行的信息安全存在一定风险。因此,加强信息安全信息风险的研究,寻找信息安全风险控制的方法具有重要的意义。本文就从商业银行在现代经济中的重要作用、我国商业银行信息安全存在的风险和一些解决控制的方法做出了一些简单的介绍。     

我国商业银行效率及其内控风险因素分析

入世以来,商业银行之间的竞争日益激烈,金融市场监管的不成熟与银行的政策依赖性不断显现,国内银行业正面临多重考验。为提高我国商业银行的效率,运用DEA方法对我国14家商业银行的技术效率和规模效率进行测度,再建立计量模型对影响我国商业银行效率的内控风险因素进行实证分析。研究发现：贷存比与银行的技术效率之间呈负相关关系;资产收益率与银行技术效率显著正相关;权益比率对银行的技术效率影响有正相关关系;银行资产规模与银行技术效率存在较为微弱的负相关关系,影响银行内控风险的主要因素为银行的资产收益率与银行资产规模。基于上述结论,为降低银行内控风险,建议落实降低不良贷款规模,努力发展中间业务,加强金融产品创新,选择合适的经营规模等政策。     

The interstitiality of IT risk: An inquiry into information systems development practices

Information systems development (ISD) has been part of the core of information systems for over 40 years. Throughout its history, the issue of risk has been closely related to ISD projects, and significant efforts have been made by researchers and practitioners to improve their quality. While important headway has been made in assessing and resolving ISD risk, the literature shows that new and salient risks emerge outside the scope of extant risk management regimes. As a consequence, organizations still struggle with leveraging new technology as projects continue to fail at almost the same rate, albeit for different reasons. Understood as the distinction between reality and possibility, risk is inherently intertwined with practice and rooted in the knowledge, goals, power, and values of specific actors in particular contexts. Hence, to understand how risks emerge, we present a longitudinal case study in which we trace the origin and locus of risks in contemporary ISD practices. We draw on these insights to theorize information technology risk as increasingly interstitial, originating from sources positioned in between established practices and therefore outside the scope of conventional risk analyses. In conclusion, we discuss interstitial risks as an important form of emergent risk with implications for both research and practice.     

电子文档的风险管理问题研究

电子文档的安全管理工作意义重大,特别是在电子信息技术深入发展的今天,电子文档的信息安全问题越来越突出。电子文档的风险管理首先应该从认知其风险特点及性质入手,只有了解了电子文档的风险种类,才能在实际工作中有效规避电子文档的安全隐患。     

Measuring dimensions of perceived e-business risks

The risks to e-business from breaches of security and privacy are well known. However, research has given very little attention to other important e-business risks. Using a socio-technical approach, in this study we survey a diverse sample of almost 200 participants to rate their perception of 16 e-business risks, compiled from the research and practitioner literature. Strategic risks, organizational risks and e-business policy risks emerged as the three underlying dimensions of e-business risk. In terms of the socio-technical model, strategic risks focus on the actor-structure component, and policy risks focus on the task-structure component. Organizational risks cover a wide spectrum of socio-technical components such as technology, actor-technology, technology structure and task-actor. The main contribution of this study is a multi dimensional scale of e-business risk perception. Practitioners can benefit by focusing their risk management efforts on the three dimensions of e-business risk, which are easier to manage than a long checklist of unrelated risks. Researchers benefit from a raised awareness on the importance of strategic and organizational risk factors in addition to policy risk factors for e-business risk management. A model that incorporates the three dimensions of e-business risks and shows theoretically based relationships with control mechanisms, trust, perceived uncertainty and profitability is proposed for testing in future research.     

Risk management for laboratory automation projects

This tutorial outlines some of the common risks that may be associated throughout the development and implementation of a laboratory automation project such as a laboratory information management system (LIMS) or another automation project. It presents a scheme for undertaking risk management to help assess and mitigate the degree of risk associated with each of these factors. In the case of high-risk factors, suggestions are presented to manage or help avoid the problem.Risk management is an ongoing process. It begins at the start of a project and should be reassessed at intervals throughout the project to re-evaluate existing risks and to see if any factors have changed or new ones have emerged.     

Comparing senior executive and project manager perceptions of IT project risk: a Chinese Delphi study

The success rate for information technology (IT) projects continues to be low. With an increasing number of IT projects in developing countries such as China, it is important to understand the risks they are experiencing on IT projects. To date, there has been little research documenting Asian perceptions of IT project risk. In this research, we examine the risks identified by Chinese senior executives (SEs) and project managers (PMs), and compare these two groups. The importance of top management support in IT projects is well documented. Prior research has shown that from the perspective of IT PMs, lack of support from SEs is the number one risk in IT projects. Surprisingly, senior executives' perceptions towards IT project risk have never been systematically examined. One reason why lack of support from senior executives continues to represent a major risk may be that senior executives themselves do not realize the critical role that they can play in helping to deliver successful projects. In this study, we use the Delphi method to compare the risk perceptions of senior executives and project managers. By comparing risk factors selected by each group, zones of concordance and discordance are identified. In terms of perceived importance ascribed to risk factors, PMs tend to focus on lower‐level risks with particular emphasis on risks associated with requirements and user involvement, whereas SEs tend to focus on higher‐level risks such as those risks involving politics, organization structure, process, and culture. Finally, approaches for dealing with risk factors that are seen as important by both SEs and PMs are provided.     

知识图谱在商业银行风控领域的研究与应用综述

伴随金融创新大潮,商业银行开始应用智能技术解决风控领域问题。在金融风险尤其是银行客户信用风险日益多样化的背景下,提升商业银行的风险管理能力已是刻不容缓。针对风险传播具有连锁反应的特点,可选择利用知识图谱技术鉴别和监控风险。知识图谱使用图数据结构描述客观事物及其相互之间的关系,对于大规模知识的管理和应用表现得游刃有余。以传统风控模式存在的局限性为引,介绍了风控领域知识图谱的概念与架构,归纳了知识抽取、知识融合、知识推理这几种风控领域知识图谱关键构建技术的研究现状,最后介绍风控领域知识图谱的具体应用,并总结和分析未来发展趋势。     

Workshop-based methodology to understand the risks in grain export inspection and certification

Much of the human factors contribution in risk assessment and risk management has been focused on systems or product safety; the profession has a much smaller research base regarding risks to do with regulation, certification and public policy, for example. This paper discusses an explicitly human factors contribution to understanding and managing risk for the inspection and export certification of grain and plant products in Australia. Training and awareness workshops, incorporating elements of focus groups, were run for 12 groups of staff and managers from the government department concerned. As well as training in risk management the workshops were used to come to an understanding of the work of the inspectors and other staff, to identify the sources of risk to the successful completion of their work and to develop the basis for a risk assessment framework and tool. The paper is methodological in focus and describes the development and running of the workshops and explains how a human factors oriented risk register was developed on the basis of identification of potential threats and errors in the system. Whilst the contribution of ergonomics is increasingly important as regards safety risk assessment, professionals have been less active as regards business, public policy and even engineering risk. This paper describes an approach within which a new domain was studied and the risks of all kinds identified, preparatory to development of a risk assessment tool.     

An empirical study on the implementation and evaluation of a goal-driven software development risk management model

ContextBuilding a quality software product in the shortest possible time to satisfy the global market demand gives an enterprise a competitive advantage. However, uncertainties and risks exist at every stage of a software development project. These can have an extremely high influence on the success of the final software product. Early risk management practice is effective to manage such risks and contributes effectively towards the project success.ObjectiveDespite risk management approaches, a detailed guideline that explains where to integrate risk management activities into the project is still missing. Little effort has been directed towards the evaluation of the overall impact of a risk management method. We present a Goal-driven Software Development Risk Management Model (GSRM) and its explicit integration into the requirements engineering phase and an empirical investigation result of applying GSRM into a project.MethodWe combine the case study method with action research so that the results from the case study directly contribute to manage the studied project risks and to identify ways to improve the proposed methodology. The data is collected from multiple sources and analysed both in a qualitative and quantitative way.ResultsWhen risk factors are beyond the control of the project manager and project environment, it is difficult to control these risks. The project scope affects all the dimensions of risk. GSRM is a reasonable risk management method that can be employed in an industrial context. The study results have been compared against other study results in order to generalise findings and identify contextual factors.ConclusionA formal early stage risk management practice provides early warning related to the problems that exists in a project, and it contributes to the overall project success. It is not necessary to always consider budget and schedule constraints as top priority. There exist issues such as requirements, change management, and user satisfaction which can influence these constraints.     

如何化解云计算的潜在风险

随着云计算技术的快速发展和更广泛应用,云计算的潜在风险越来越受到关注。文章介绍了云计算的应用现状及重要特点,分析了云计算存在的风险,从技术的角度对云计算的潜在风险进行分析。     

How the user liaison's understanding of development processes moderates the effects of user-related and project management risks on IT project performance

Managing risks in information technology projects is a prime concern for both researchers and practitioners. However, little is known on how key project-based knowledge, such as the user liaison's understanding of development processes (ULUDP), affects the relationship between risk and performance. Using quantitative data collected from 63 completed projects, ULUDP has been empirically proven to weaken the negative effects of user-related and project management risks on product performance. Although the effect of the project management risk on performance remains negative, this effect decreases significantly with high levels of ULUDP, whereas user-related risk affects performance insignificantly in such situations.