Research On Commercial Bank Information System Security Auditing

Finance is the core of our national economy, yet commercial bank plays a fairly important role in the financial system. Recent years , with the development of Banking informatization, the operation and management of the commercial bank information system get more and more complicated, informatization risk which caused by the commercial bank informatization has become an important party to the operation risk of the bank, and has become one of the most important factors which threaten the security of the bank. On this situation, Basel accord which is the most influential regulation standards to the bank also appears no exhaustive effect on avoiding the informatization risk. Even for the external financial auditor, there's nothing they can do in such complicated condition. For the new situation, at a risk-oriented and information system audit for its own organizational structure, processes and IT systems technical architecture, through the establishment of perfect regulation and mechanisms of financial information system audit ,a new scientific schema of risk aversion it seems another new weapon for avoiding financial risks,Under such background, the article researches the information system auditing theory and method for the first, and gives the details about the information system auditing conception, objective, contents and audit procedure, and also explains the meaning of method of the risk-oriented information system security audit. For the second, in order to provide some essential risk-oriented for the information system auditing, the article describes the information systems of the commercial bank and their inherent risk, and from the information techniques point of the view, we try to get the operation risk definition and their categories. At last, through introducing the overseas matured IT organizational structure and model, the article builds the relatively complete structure for our own commercial bank information system audit, and makes the information system audit as a most powerful tool for avoiding bank informatization risk, thereby offsetting the deficiency of the financial auditing, and further perfecting our financial risk supervision system.