信息技术管理2019年2月

银行开展信息技术审计的现状、难点及策略思考
王翎艳
(中国农业银行审计局成都分局,四川 成都 610043)

摘  要:银行信息技术审计是由其相对独立的内审部门,通过对信息系统及信息科技内部控制和流程的审查,揭示信息科技管理和操作中存在的问题,并评价信息科技管理目标实现情况,从而判断信息系统能否保证组织的资产安全、数据完整、支撑业务发展且风险可控,进而采取措施促进信息科技符合组织战略目标。从目前已开展的信息技术审计项目实施情况看,其中存在一系列制约信息技术审计有效实施的难点和问题,因此,需要在实践中不断提升应对策略以对其进行改进和完善。本文在分析银行信息技术审计实践的现状和难点的基础上,对有助于提升审计质量的信息技术审计策略做了较为深入细致的探讨。


关键词:信息技术风险管理;信息技术审计;审计策略



中图分类号:F239.1         文献标识码:A         文章编号:2096-4706(2019)02-0194-03


Current Situation,Difficulties and Strategies of Information Technology Audit in Banks
WANG Lingyan
(Chengdu Branch of Audit Bureau of Agricultural Bank of China,Chengdu 610043,China)

Abstract:Information technology audit of banks is a relatively independent internal audit department. Through reviewing the internal control and process of information system and information technology,it reveals the problems existing in the management and operation of information technology,and evaluates the achievement of information technology management objectives,so as to judge whether information system can guarantee the safety and number of assets of an organization. According to the integrity,support business development and risk control,and then take measures to promote information technology in line with organizational strategic objectives. From the current implementation of information technology audit projects,there are a series of difficulties and problems that restrict the effective implementation of information technology audit. Therefore,we need to constantly improve the response strategies in practice to improve and perfect them. Based on the analysis of the current situation and difficulties of bank information technology audit practice,this paper makes a thorough and detailed discussion on the information technology audit strategy which can help to improve the audit quality. 

Keywords:information technology risk management;information technology audit;audit strategy


参考文献:

[1] 吴晶. 等级保护“安全审计”应用实现 [J]. 信息网络安全,2013(8):6.

[2] 林乐宇,刘磊,王石,等.MUIS:一种新型的多领域信息共享联盟系统及其应用 [J]. 计算机研究与发展,2008(4):684-694.

[3] 陶星,李卫华,汪中飞. 基于知网的可拓领域信息元库的构建方法 [J]. 智能系统学报,2015,10(5):790-796.

[4] 李勇. 跨领域信息共享实施过程管理分析 [J]. 电子技术与软件工程,2015(4):13.

[5] 师新宇. 开展信息系统审计的思路及应用 [J]. 现代工业经济和信息化,2015,5(12):82-84.


作者简介:王翎艳(1970.09-),女,重庆人,高级会计师,研究生,研究方向:IT。