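Abstract

The investigation into the Everbright Securities "816" fat-finger incident established that the company's arbitrage trading system had major risk-control defects. The incident shows that a serious risk event triggered by an information system problem can have a huge impact on the whole market, on the company, and on society. Incidents of this kind, in which information system problems cause a securities company losses or reputational risk, are not rare. HS Securities Company is of above-medium size in the industry and its business is growing steadily; as is common across the industry, the scale and number of its information systems grow by the day, and the information system risk that results cannot be ignored. Against this background, this paper studies the information system audit of HS Securities Company, analyzes the problems in that audit, and proposes optimizations that remedy the defects, raise the quality of the information system audit, and improve its effect, thereby effectively reducing the security and compliance risks of HS Company's information systems.

This paper mainly uses the case analysis method to carry out a case study of the information system audit of HS Securities Company. Starting from the basic theory of information system audit in securities companies, it sets out the concept and characteristics of such audits and systematically reviews the existing information system audit framework of HS Securities Company, covering the audit objects, audit objectives, audit process, audit methods, and organization and management.

Taking the information system audit of HS Securities Company as the case background, the paper introduces the development and characteristics of the company's information systems and the history and organization of its information system audit. Through the company's actual audit practice, with information system business continuity and the security of systems and data as the main objects, it identifies the risks present and the responses adopted. It also summarizes the main problems found by the company's information system audits in recent years and the results the audits have achieved, points out that the company's audit work suffers from a single audit approach, insufficient coverage, and a shortage of audit staff, analyzes these problems, and proposes improvements. By optimizing the audit approach, widening audit coverage, and strengthening the company's audit human-resources planning, the audit work can be improved and the implementation of HS Company's information system audit optimized, effectively raising audit quality and improving audit results.

Information system audit arrived in China only a little more than ten years ago. Because of the particular nature of the securities industry, business operations and information systems are already inseparable, but because the securities industry is itself a new phenomenon, few studies address information system audit in securities companies. The case study in this paper analyzes the implementation and results of the information system audit at HS Securities Company, points out the existing problems, and makes targeted suggestions such as expanding the audit scope and optimizing the audit approach. It is offered as a starting point for better information system audit work in the domestic securities industry, as a reference for securities companies carrying out information system audits, and as a new line of thinking for the development of information system audit in the securities industry.

Keywords: securities company; information system audit; HS Company

Research on the Information System Audit of HS Securities Company

Abstract

The investigation of the "816" fat-finger incident at Everbright Securities identified significant risk-control defects in the company's arbitrage trading system. From this event it is easy to see that serious risk events caused by information system problems can have huge effects on the whole market, the company and society. It is not rare for information system problems of this kind to cause losses or reputational risk for a securities firm. HS Securities Company is of above-medium scale in the industry, and its business is on the rise as well. As is common in the industry, the company's information systems have also grown in size, number and complexity, so the IT risks they cause cannot be ignored.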
Against this background, the author studies HS Company's information system audit in order to identify its shortcomings, remedy the defects, improve its quality and effectiveness, and thereby reduce the compliance and loss risk of HS Company's information systems.

This paper mainly applies the case analysis method to perform a case study of the information system audit of HS Securities Company. It starts from the basic theory of information system audit in securities companies to set out the concepts and features of such audits, and it organizes and summarizes the implementation framework for information system audit in securities companies, including the audit subject, audit procedures, audit methods, and organization management.

This paper takes the information system audit of HS Securities Company as its case background and introduces the development and features of the company's information system audit, along with the development history and organization management of information system audit. Through the specific practice of information system audit at HS Securities Company, it takes business continuity and the security risk of systems and data as the main subjects to illustrate the risk influences and the audit response, and it reveals the problems identified in the information system audit of HS Securities Company. Along with summarizing the effects of implementing information system audit at HS Securities Company, it points out the problems that exist in that audit and offers suggestions for improvement and optimization. Measures such as optimizing the audit method and increasing the coverage of the audit improve the company's information system audit, strengthen the resource construction for the information system audit of HS Securities Company, optimize that audit through the improvement suggestions, enhance the quality of information system audit, and improve its effects.

Information system audit entered China only a little more than ten years ago; owing to the particular nature of the securities industry, business and information systems have become inseparable. But because the securities industry itself is also newly emerging, research projects involving information system audit in securities companies are very rare. The case study in this paper analyses the implementation and results of information system audit in HS Securities Company, introduces information system audit work for the domestic securities industry, provides a reference for securities companies carrying out information system audit, and provides a new way of thinking for the development of information system audit in the securities industry.
Key words: securities company; information system audit; HS Company

Contents

Introduction
    1. Background and Significance of the Topic
    2. Review of Domestic and International Literature
    3. Research Content and Methods
Chapter 1 Theoretical Foundations of Information System Audit in Securities Companies
    Section 1 Basic Concepts of Information System Audit in Securities Companies
        1. Concept of Information System Audit in Securities Companies
        2. Characteristics of Information System Audit in Securities Companies
        3. Objectives of Information System Audit in Securities Companies
    Section 2 Implementation Framework for Information System Audit in Securities Companies
        1. Objects of Information System Audit in Securities Companies
        2. Process of Information System Audit in Securities Companies
        3. Methods of Information System Audit in Securities Companies
        4. Organization and Management of Information System Audit in Securities Companies
Chapter 2 HS Securities Company Information