|
|
Audit and Assessment of IS in banks
Fleischmann, Martin ; Svatá, Vlasta (advisor) ; Sokolovský, Zbyněk (referee) ; Novák, Luděk (referee)
Abstract (english) Objectives The main objective of this work is to design methods and proceadures enhancing effectiveness and efficiency of IT audit in banks with the accent given to their use by the supervisory authorities. Another objective of the work (and an essential starting point at the same time) is a summary and assesment of methods and proceadures developed and implemented into the CNB practice with regard to banking supervision in the area of information systems. Objectives Achievement From the methodological point of view the esential starting point of the work was represented by above mentioned objectives that were used for elaboration of a set of questions. Questions enabled to set up the hypotheses. (Another more particular hypotheses were defined in order to design the particular solutions in chapter 5.) Futhermore, the critical factors (problems) were defined in the process of the questions analyses. Subsequently, the solutions were specified. The solutions confirmed the hypotheses which reflected the achievement of the objectives. Description, categorisation, analyses, screening, modelling, comparative analyses and sample testing were used to achieve the objectives. In particular, the solutions that were elaborated, making use of methods described above, enhance effectiveness and efficiency of IT audit in banks. Moreover, the CNB's proceadures and methods were introduced and assesed within the work. Scientific Contribution The work brings an evidence of correlation between the quality of IT audit in banks and their economical performance. With this regard the work contributes with original conclusions, benchmarks and proceadures that may be used by banks, supervisory authorities and IT auditors. These conclusions are achieved by description, categorisation, analyses, modelling and screening research highlighting the role of the rentability, the productivity, the risks, the inovations and the economical value of information. Furthermore, the IT audit and IT supervision in banks are specified. They are also compared and contrast to the other audit cathegories. The work presents important peaces of evidence regarding the role of IT audit in this context. This is made by description, cathegorisation and analyses. Another contribution represents proceadures and methods developed and implemented (to the large extend by author) in the field od IT banking supervision in the Czech Republic. This delivers valuable outputs for foreign supervision authorities, banks and auditors. The work lead to original solutions of critical factors. These solutions are to use by IT audit and IT supervision (and also in audit work generally). The solutions make use of ceartain atributes of Capability Maturity Model (CMM) and were elaborated in the proces of decsription, cathegorisation, screening research, comparative analyses, hypotheses seting and testing. The solutions enhances acuracy and objectiveness of assesment done by IT auditors. The solutions lead to better comparativeness of audit outputs on both national and international level, give better preconditions for risk assesment and capital adequacy evaluation within BASEL II and enhance the information value of audit ouptuts. The structure (content) of the work reflects the above mentioned articles that give a brief description of the main four parts (chapters) of the work.
|
|
|
Basel II and IS/ICT
Kovář, Petr ; Bruckner, Tomáš (advisor) ; Fleischmann, Martin (referee)
The Basel II Framework ensures banks are well capitalized. It is designed to be more risk sensitive than the old Basel Capital Accord and considers operational risk, such as "the risk of loss resulting from inadequate or failed internal procesess, people and systems or from external events." Banks are forced to calculate the regulatory capital charge for operational risk and want to optimize it. IT is a substantial part of operational risk and therefore is a part of the regulatory capital charge for operational risk. The Basel Committee requires banks to implement a framework to manage operational risk. One objective of this study is to provide description of this framework, IT aspects of operational risk and IT governance under Basel II, based on available sources of information. Another objective is to design processes for assessing and managing IT and operational risks under Basel II. Last but not least objective of this study is to disclose recent credit risk data and indicators for consolidated sector and large banks in the Czech republic. The amount of the regulatory capital charge for operational risk is an important part of the overall capital charge. This work increases IT practitioner's understanding of such topics as assessing and managing operational risk under Basel II.
|
guest ::
