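Abstract (Chinese) Since the Security First Network Bank (SFNB) in the United States established the world's first Internet bank in October 1995, banks have introduced Internet banking services one after another to break out of their current operating difficulties. Although Internet banking brings banks many benefits, the risks that arise alongside its convenient financial services have become an extremely important issue for its development. Because the Internet is an open network, data on bank hosts is easily exposed directly to the public network, so security and risk are the main considerations for banks and users in adopting Internet banking services. From the collected literature on the risks of information system environments and the characteristics of their internal controls, on Internet banking security requirements, risks and internal control objectives, and on internal control theory, the COBIT (Control Objectives for Information and Related Technology) internal control framework was found to be applicable to the study of risk management and security control in Internet banking. This study therefore draws on COBIT to examine the key points of internal control and audit for Internet banking.

This study is exploratory. Starting from the COBIT internal control framework, and through a literature review and an examination of the current state of Internet banking at home and abroad, it establishes that Internet banking internal control factors fall into three dimensions: management, technology, and internal audit. The factors in these three dimensions are used to achieve the quality objectives of Internet banking security control. The empirical study uses a questionnaire survey and applies factor analysis, one-way ANOVA, and multiple regression analysis. The results show:

1. The Internet banking internal control factors are: in the management dimension, "Internet banking security requirements", "Internet banking risk management and measures", and "Internet banking risk assessment"; in the technology dimension, "security control and contingency planning"; in the internal audit dimension, "auditor competence and internal control evaluation", "performance control", and "establishing audit programs"; and, for security control quality, the two objectives "security and credit requirements" and "quality requirements".
2. Multiple regression analyses of the factors in the management, technology, and internal audit dimensions against each of the two security control quality objectives, "security and credit requirements" and "quality requirements", show that the P values of all regression models are highly significant, indicating that each dimension affects the achievement of the security control quality objectives.
3. Multiple regression analyses of the Internet banking internal control factors as a whole against each of the two objectives, "security and credit requirements" and "quality requirements", show that the P values of both regression models are highly significant, indicating that the factors as a whole affect the security control quality objectives.

Because domestic Internet banking started relatively late, and the internal control and audit systems of most domestic banks are not yet sound, this study should serve as a reference for domestic banks in establishing internal control systems for Internet banking.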
Abstract Since the Security First Network Bank in the United States of America established the first Internet bank in the world in October 1995, the global banking industry, which has struggled with stagnation, has set up Internet business sectors one bank after another. The Internet has indeed created many kinds of new business opportunities for the banking industry by making it highly convenient for customers to adopt a bank's offerings. On the other hand, many kinds of new business risks emerge once banks step onto the Internet. The underlying reason is that the Internet is an open environment, a public communication network that anyone can access without his or her identity being authenticated. Thus, risk management and security controls are the major concerns in the Internet banking business. After a preliminary study by the researcher, the COBIT (Control Objectives for Information and Related Technology) internal control framework was found to be more suitable for dealing with an Internet bank's risk management and security controls. The major purpose of this study is to work out the scientific profile of an Internet bank that follows COBIT to manage its risk management and security controls.

This study is exploratory in nature. The theoretical framework was built after reviewing the papers related to Internet banking and to COBIT. The current situation of Internet banking and the practice of COBIT were also examined, and the conceptual research framework was then finalized. The conceptual framework has four dimensions: the managerial section, the technology section, the internal control section, and the performance section. The empirical study is a questionnaire survey. Factor analysis, ANOVA, and multiple regression are adopted as the statistical methods. The major findings are as follows:

1. The managerial section includes the security requirements, the risk management practice, and the risk evaluation. The technology section includes the security control and responsive plans. The internal control section includes the security and credit requirements, and the quality level requirement.
2. The P values of the four regression models, which are made up of the managerial section, the technology section, and the internal control section as the independent variables and the performance section as the dependent variable, reach significant levels. This means the hypothesis that the managerial section, the technology section, and the internal control section are irrelevant to the performance section is rejected. In other words, the variables of the managerial section, the technology section, and the internal control section are important in Internet banking's risk management and security controls.

Taiwan's Internet banking lags somewhat behind the worldwide pace. The research conclusions should be a worthwhile internal control reference for Taiwan's banks when they want to step into the Internet business.