商业银行信息科技风险现场检查指南1目录第一部分概述............................................................................................................................121.指南说明..................................................................................................................................131.1目的及适用范围.............................................................................................................131.2编写原则........................................................................................................................141.3指南框架........................................................................................................................15第二部分科技管理.....................................................................................................................172.信息科技治理..........................................................................................................................182.1董事会及高级管理层.....................................................................................................18检查项1:董事会........................................................................................................18检查项2:信息科技管理委员会................................................................................19检查项3:首席信息官(CIO)..................................................................................202.2信息科技部门.................................................................................................................21检查项1:信息科技部门............................................................................................21检查项2:信息科技战略规划....................................................................................232.3信息科技风险管理部门.................................................................................................24检查项1:信息科技风险管理部门............................................................................242.4信息科技风险审计部门.................................................................................................25检查项1:信息科技风险审计部门............................................................................252.5知识产权保护和信息披露.............................................................................................26检查项1:知识产权保护............................................................................................26检查项2:信息披露....................................................................................................263.信息科技风险管理...................................................................................................................283.1风险识别和评估.............................................................................................................28检查项1:风险管理策略............................................................................................28检查项2:风险识别与评估........................................................................................293.2风险防范和检测.............................................................................................................29检查项1:风险防范措施.............................................................................
