| Recently, the accomplishment of insurance informative development achieved in our country is well known, IT has become the important driving force to accelerate the development of the insurance industry ,the insurance industry has become increasingly dependent on IT. Centralized management in the IT trend, how to effectively identify and control the various types of IT risk become an important issue faced to the insurance industry. The new problems and challenges that facing to the insurance industry are how to understand the negative effects on information technology, enhance IT risk management, establish perfect risk management system, prevent and resolve IT risk, achieve the maximum benefits to information technology of enterprises.In this paper, the author regards PICC as the subject and its IT risk management as the study object. Beginning with analysis of IT current situation of PICC, by drawing lessons from the research both at home and aboard. The research is on the theory of IT risk management, the relationship between IT risk and IT control, internal control, COSO framework, and so on. Combined with the characteristics and risk analysis of the insurance industry to help PICC to choose the right direction and means of risk management, and provide some targeted, operational IT risk management strategy to assist the company to carry out IT-based risk management program implementation. Since the concept of IT risk management is broad and it's contents are rich, IT risk has several kinds corresponding to different views, at the same time, IT risk management requires the establishment of comprehensive management system, this is a complicated systematic project, the range of achieving a frame of reference is very large, thus, it should take several steps, first, to improve the urgent and important parts, to obtain the effectiveness of the experience, and then gradually in-dept, continually improve and enhance. Therefore, this study is currently planned to starting with the status quo of the PICC IT risk management framework, analysis and summary the risk that need to be focused on, and proposes the concrete rectification plans and the measures.The paper also do some exploring from the IT risk management procedures and security measures, combined with the organizational structure, project management methods and risk protection and monitoring platform. The IT risk management methods and practices that this paper discusses are based on the analysis of current situation in the IT risk of insurance industry, introduces the domestic and foreign research results and the IT risk management tools, its findings can be applied to other insurance companies in the IT risk management process, can be as the IT management mentality inspiration. The results will be further enriched and improved in the procedure of IT risk management of PICC. This article only proposes the implementation plan of the current phase for the status quo of PICC IT management. IT risk management is a cycle of repeated and continuous improvement process, we must step by step, by continuously identify and locate the gap between learning and summarize, continuously achieve substantive results and goals, to gradually meet the business needs of the establishment of IT risk management. |
PDF Full Text Request