Academic paper

金融機關의 IT 內部統制 시스템 構築을 위한 IT Compliance 構築戰略 硏究 / A Study on IT Compliance Strategy for IT Internal Control System of Financial Institutions
Document Type: Dissertation/Thesis
Subject: Information and communications; Internal control; IT
Language: Korean
Abstract
In plain language, "compliance" can be defined as obeying laws and regulations. IT Compliance means complying with the mandatory regulations and guidelines that govern the protection of customer data, data retention, and the disclosure of financial statements to information users such as corporations and government agencies; because corporations depend heavily on IT systems, it effectively also governs how business operations are controlled. The IT Compliance activities of a financial institution are those that establish the necessary procedures and manage the organization so that it complies effectively with complex and frequently changing regulations. The dependency on IT systems is greater for financial institutions than for other industries, because the massive customer data operations of financial institutions (input, processing, output) run on IT systems, and because of their impact on the national economy.

Regulations bearing on IT Compliance have existed for years, but stronger regulation has been demanded by growing social interest in CSR (Corporate Social Responsibility) and by awareness of dishonest financial statement disclosures by corporations, including Enron in the U.S.A. Furthermore, there are over 10,000 compliance-related regulations in areas such as the labor environment, protection of customer rights, and protection of private data, and both the number and the level of compliance requirements continue to rise. Penalties are also increasing, up to individual punishment of CEOs (under SOX) in the worst case of non-compliance. Each country's own IT Compliance regulations are becoming a barrier to entering foreign markets, and corporations that fail to meet them face severe economic loss, damaged reputation, and lost business opportunities.
Consequently, IT Compliance is not a choice but an obligation for the survival and competitiveness of corporations. This study therefore reviews domestic and foreign IT Compliance regulations and a desirable IT internal control model based on COSO, which is recognized worldwide as the internal control standard. It also examines why establishing an IT Compliance system is essential for an effective IT internal control system in financial institutions, and which alternatives can lay the foundation for IT Compliance. From the study, the following proposals can be drawn. Financial institutions should confront the IT Compliance crisis actively and positively at the ERM (Enterprise Risk Management) level and build strong internal control systems through ERM. One point that should not be overlooked, however, is that neither is a prerequisite for the other: the internal control system and IT Compliance should be established and managed simultaneously. To counter the various IT Compliance risks effectively, a continuous IT Compliance response process is needed rather than a one-time project or a hardware/software solution. In this process, the active support of management is the single most important factor for IT Compliance success.
Management should recognize that establishing IT Compliance is directly linked to the survival of the financial institution, and should create a "Tone at the Top" environment by building supporting systems for IT Compliance and declaring them officially to the organization, both internally and externally. As a practical driving force, it should establish a "Steering Committee" that can represent the organization and make the right decisions on the master plan, and allow that committee to extend IT Compliance to every item within the organization. Above all, this Steering Committee should, with the active support of management, carry out risk management across every business section of the financial institution, document the regulations and processes relevant to IT Compliance, communicate and enforce them within the organization, provide continuous employee education, and perform follow-up measures and objective monitoring. A further point is that this PDCA (Plan->Do->Check->Act) cycle should be repeated, with feedback given on the results of each cycle. In this way, financial institutions can achieve sustainable management through transparent operation, risk management, social responsibility, and ethical management, backed by active and continuous IT Compliance activities. In conclusion, this study has confirmed that IT Compliance must take precedence if an effective and efficient IT internal control system is to be established in financial institutions, and that full support from top management, the formation of an official committee, risk management across all sections of the organization, and feedback on results through the PDCA process are required for IT Compliance.