Hierarchy Process, Banking Information Technology Department Banks are thebridges which link supply and demand in the capital markets, and have played a significant role in the economic development of Taiwan. With the recent financial eformreform in Taiwan, increasing global financial integration, the rapid growth of capital markets and the introduction of the new financial commodities, Information Technology departments in banks need to lead the renewal of information technology and equipment to support the strategic growth of the banks. Until the necessary transformation is complete, banks will be subject to serious operational risks due to negligence of employees, improper control over processes, system failures, or external shocks. In this study, the author identified a preliminary set of operational risk levels and factors from papers, and used the Delphi Survey and Analytic Hierarchy Process (AHP) to gather and analyze the opinions from senior experts in order to construct an analysis model for the relative importance and consequent weighting of each risk factor. The author constructs three main hierarchical levels for the analysis of operational risks. The first level is the target level of “critical operational risk factors for the information technology departments of banks”. The second level consists of four constructs in which the “People Construct” is the most influential. The third level contains twenty one key factors, with “Employee Conspiracy/Fraud”, “Inappropriate Internal Control over Information Security”, “Electrical/Mechanical Equipment Failure”, “Network Equipment Failure”, “System Failure”, "Inadequate Control of System Storage" and “Inappropriate Handling of Password” as the seven most critical factors. Of the seven most critical factors, "Employee Conspiracy/Fraud" and "Inapproprate Internal Control over Information Security" account for 58% of the importance. In order to prevent them, the author suggests that banks select IT employees carefully, develop and implement the standard procedure as well as guidlines, and give the employees sufficient training to raise their ethical awareness and educate them of their legal responsibilities. Finally, the author devises a weighted score card for critical operational risk factors for Information Technology departments of banks. The score card is designed to be used by management for more accurate risk assessment in order to take necessary actions responsively at an early stage.