CN114580889A - Operation risk management and control method, device, equipment, medium and program product - Google Patents

Operation risk management and control method, device, equipment, medium and program product Download PDF

Info

Publication number
CN114580889A
CN114580889A CN202210198273.6A CN202210198273A CN114580889A CN 114580889 A CN114580889 A CN 114580889A CN 202210198273 A CN202210198273 A CN 202210198273A CN 114580889 A CN114580889 A CN 114580889A
Authority
CN
China
Prior art keywords
risk
data
target
management
event
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210198273.6A
Other languages
Chinese (zh)
Inventor
张海锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Construction Bank Corp
CCB Finetech Co Ltd
Original Assignee
China Construction Bank Corp
CCB Finetech Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Construction Bank Corp, CCB Finetech Co Ltd filed Critical China Construction Bank Corp
Priority to CN202210198273.6A priority Critical patent/CN114580889A/en
Publication of CN114580889A publication Critical patent/CN114580889A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0635Risk analysis of enterprise or organisation activities

Abstract

The embodiment of the invention relates to the technical field of computers, and discloses an operation risk management and control method, device, equipment, medium and program product, wherein the method comprises the following steps: acquiring target operation risk data of each risk control field of a target risk control object system; determining a potential risk event of the target risk management and control object system according to the target operation risk data; and triggering a preset system maintenance flow according to the potential risk event to realize the operation risk control of the target risk control object system. According to the technical scheme, the problems that sharing relation is lacked among all management and control fields of a management and control object system and data analysis is single are solved, risk operation data of all risk management and control fields are integrated to conduct management and control risk analysis, systematic risk management and control are conducted according to analysis results, better data decision support can be provided for management of a business system, and the risk management and control of the business system are more accurate.

Description

Operation risk management and control method, device, equipment, medium and program product
Technical Field
The embodiment of the invention relates to the technical field of computers, in particular to an operation risk management and control method, device, equipment, medium and program product.
Background
In new business states such as network finance and open banks, the online business is rapidly developed, the dependence on an application system or an information system in the financial field is improved, and the operation risk of each system is possibly influenced by information technology interruption and network security. The financial industry provides a corresponding operation risk management and control system and a corresponding management and control scheme, and a certain risk management and control effect can be achieved.
However, the current risk management and control system respectively manages and controls each management and control field of each management and control object system, and the source of data only depends on the internal input of the system, which may cause the problems of data accuracy and integrity. In addition, the management flow of the risk management and control system is in a decentralized state, and the management and control fields of each management and control object system lack a sharing relationship with each other, so that the operation risk data of each management and control object system cannot be integrated, and a better data decision support cannot be provided.
Disclosure of Invention
The embodiment of the invention provides an operation risk management and control method, device, equipment, medium and program product, which are used for providing better data decision support for management of a business system and enabling the risk management and control of the business system to be more accurate.
In a first aspect, an embodiment of the present invention provides an operation risk management and control method, where the method includes:
acquiring target operation risk data of each risk control field of a target risk control object system;
determining a potential risk event of the target risk management and control object system according to the target operation risk data;
and triggering a preset system maintenance flow according to the potential risk event to realize the operation risk control of the target risk control object system.
In a second aspect, an embodiment of the present invention provides an operation risk management and control device, where the device includes:
the data acquisition module is used for acquiring target operation risk data of each risk control field of the target risk control object system;
a risk event determining module, configured to determine a potential risk event of the target risk management and control object system according to the target operation risk data;
and the system management and control maintenance module is used for triggering a preset system maintenance flow according to the potential risk event so as to realize the operation risk management and control of the target risk management and control object system.
In a third aspect, an embodiment of the present invention further provides a computer device, where the computer device includes:
one or more processors;
a memory for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the operational risk management method provided by any embodiment of the invention.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the operational risk management and control method according to any embodiment of the present invention.
In a fifth aspect, an embodiment of the present invention further provides a computer program product, where the computer program is stored on the computer program, and when the computer program is executed by a processor, the computer program implements the operational risk management and control method provided in any embodiment of the present invention.
The embodiment of the invention has the following advantages or beneficial effects:
according to the embodiment of the invention, target operation risk data of each risk control field of a target risk control object system is obtained; comprehensively analyzing the target operation risk data of each risk control field to determine potential risk events of a target risk control object system; and then triggering a preset system maintenance flow according to the potential risk event to realize the operation risk control of the target risk control object system. The problem that sharing relation is lacked among all management and control fields of a management and control object system and data analysis is single in the prior art is solved, risk operation data of all risk management and control fields are integrated to conduct management and control risk analysis, risk management and control of the system are conducted according to analysis results, better data decision support can be provided for management of a business system, and risk management and control of the business system are more accurate.
Drawings
Fig. 1 is a flowchart of an operation risk management and control method according to an embodiment of the present invention;
fig. 2 is a flowchart of an operation risk management and control method according to a second embodiment of the present invention;
fig. 3 is a schematic structural diagram of an operation risk management and control apparatus according to a third embodiment of the present invention;
fig. 4 is a schematic structural diagram of a computer device according to a fourth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some structures related to the present invention are shown in the drawings, not all of them.
In addition, it should be emphasized that the technical solutions of the present application, such as obtaining, storing, using, and processing of data, all conform to relevant regulations of national laws and regulations.
Example one
Fig. 1 is a flowchart of an operation risk control method according to an embodiment of the present invention, which is applicable to risk prevention and control of business systems, and is particularly applicable to risk prevention and control of each business system in the financial field. The method may be performed by an operational risk management apparatus, which may be implemented by software and/or hardware, integrated in a computer device having an application development function.
As shown in fig. 1, the operational risk management and control method includes the following modules:
s110, acquiring target operation risk data of each risk control field of the target risk control object system.
The target risk management and control object system may be any one of business systems, for example, business systems such as a logistics system, an inventory system, a sales platform system, and a payment system in the e-commerce field. For another example, in the financial field, the target risk management and control system includes any one of a loan system, a financial accounting system, a bank ledger system, a supervision and compliance management system, a legal management system, an employee work management system, an insurance system, a loan system, a transaction platform system, and the like.
The risk management and control field includes a loss event management field, a self-evaluation management field, a key risk index management field and a business continuity management field of the business system corresponding to each system. The target operation risk data corresponding to the loss event management field is loss event data, the loss event data comprises financial loss data, talent loss data, administrative penalty loss data and other data related to events causing loss to the business system main body, and specific data content comprises loss event reasons, loss amount and the like. Target operation risk data corresponding to the self-evaluation management field, namely preset system evaluation management data, comprises evaluation management data on a specific business product process, for example, in the process of running a business product, the three operation steps are included, each step may include some risk points, means such as business test running and the like are needed to determine whether the running data of the step related to the risk points meets safety indexes, and processing methods and processing results when corresponding risks occur, such as data of response time length among the steps. The target operation risk data corresponding to the key risk index management field is preset key risk index data, and the preset key risk index data comprises system business process drilling times, risk processing plan number, management layer loss rate, core talent loss rate and the like. Target operation risk data corresponding to the business continuity management field of the business system are system operation data, and the system operation data comprise data such as system fault recovery time, active user quantity, response time, continuous operation duration and the like.
In the prior art, data in each risk management and control field is generally entered into an operation risk management and control system in a corresponding field in a manual input manner, and the operation risk management and control systems in each field are respectively subjected to login management. In the application, the risk management and control fields are integrated, and management of target risk operation data can be performed in a unified mode. The user can access the operation risk management and control system through a login entrance to manage operation risk data. For example, the entered data is submitted and an audit process is initiated, each process supports flexible configuration of multi-level audit nodes, supports a superior node to return to any process node, and supports functions of data management and maintenance. The data acquisition can be based on real-time open system interface access, can also be based on a pipeline queue batch subscription mode, can also be based on a data middle station mode and the like, and is determined according to a specific data interaction scene. By automatically acquiring the risk control data generated by the target risk control object system in the manner, the accuracy, the real-time performance and the integrity of the data can be ensured
And S120, determining a potential risk event of the target risk management and control object system according to the target operation risk data.
The potential risk event is a risk event which may occur due to a system operation problem or a problem occurring in a system business process. Then, when determining that the potential risk is an event, determining whether a system operation fault event occurs in the target risk management and control object system according to the system operation data and preset key risk index data; and if so, determining a corresponding potential risk event according to the system operation fault. For example, if it is obvious that the user access amount data or the user acquisition data in the system operation data will occur, it can be further determined whether an operation failure event such as a web break, a web page display failure, or a transaction failure occurs. Each operational failure event may cause a corresponding potentially risky event, such as a loss of user volume, loss of transaction, or loss of management due to a breach.
Further, in an optional implementation manner, a key business process node causing a corresponding loss event may also be determined according to the loss event data and preset key risk index data; and determining corresponding potential risk events according to the key business process nodes. Illustratively, according to the loss amount of the loss event data and the service product associated with the loss event, a specific target risk control object system is positioned, so as to analyze historical message data of a service corresponding to the loss event, determine a key service process node causing the loss event, and analyze whether the node is still in fault, thereby causing the same or other different potential risk events as the loss event. Or some key risk indexes exceed the tasting numerical index range, and the corresponding current risk event can be determined according to specific index items exceeding the normal range.
In this step, the operational risk data of each risk control field is comprehensively analyzed according to the incidence relation among the data of each risk control field, so that a deeper and valuable analysis result, such as a risk distribution thermodynamic diagram, a risk prediction model, risk control measure recommendation and the like, can be obtained, and support is given to risk control decision.
And S130, triggering a preset system maintenance process according to the potential risk event, and realizing the operation risk control of the target risk control object system.
Specifically, according to the severity of the current risk event or the service type corresponding to the event causing the potential risk event, a corresponding system service test flow can be started, or a manual system service test prompt can be performed. For example, for a potential risk event such as a traffic jam or a traffic drop which may be caused by a surge in access amount, a system traffic test flow may be executed in batch to perform a system test, so as to further maintain the continuity of system operation and ensure the normal operation of a traffic system. Or, the key business links are tested in a targeted manner in a manual interaction mode.
According to the technical scheme of the embodiment, target operation risk data of each risk control field of a target risk control object system are obtained; comprehensively analyzing the target operation risk data of each risk control field to determine potential risk events of a target risk control object system; and then triggering a preset system maintenance flow according to the potential risk event to realize the operation risk control of the target risk control object system. The problem that sharing relation is lacked among all management and control fields of a management and control object system in the prior art and data analysis is single is solved, risk operation data of all risk management and control fields are integrated to conduct management and control risk analysis, risk management and control of the system are conducted according to analysis results, better data decision support can be provided for management of a business system, and risk management and control of the business system are more accurate.
Example two
Fig. 2 is a flowchart of an operation risk control method according to a second embodiment of the present invention, and the scheme of this embodiment may be combined with the schemes in the foregoing embodiments to further describe a process of determining a target risk control object system according to analysis of each loss event in the financial field. The method may be performed by an operational risk management apparatus, which may be implemented by software and/or hardware, integrated in a computer device having an application development function.
As shown in fig. 2, the operational risk management and control method includes the following modules:
and S210, acquiring loss events occurring in the financial field.
Specifically, the preset financial subjects in the financial field refer to different financial company operation subjects, such as different banks, different investment companies, and the like, which belong to different preset financial subjects. For a default financial entity, the loss events include internal loss events, external loss events, and near loss events. The internal loss event refers to an operation risk event corresponding to actual or predicted financial loss formed by a preset financial subject. The external loss event refers to operation risk events such as large supervision penalty, cases and the like of other financial subjects in the financial field. A near loss event refers to an operational risk event that has occurred but does not result in actual or predicted financial or non-financial loss.
Further, the loss event data comprises data such as total loss amount, loss proportion related to operation risk, loss distribution proportion of each subject and the like; financial data such as short payments, litigation support, default operational penalties, unusual loss support, etc. is also included; legal action data, such as case name, lawyer fee, abortion amount, arbitration fee, action fee, etc. are also included; and the system also comprises supervision penalty data, such as supervision penalty event names, total penalty amount, total recovery amount and the like.
And S220, dividing the service subdivision field to which each loss event belongs by adopting a preset classification strategy.
Specifically, marking classification of the loss events can be performed according to the corresponding relation between the preset loss events and the subdivided business fields, and a classification strategy model can also be trained in advance to classify the loss events. For example, for a loss event, the classification thereof using the classification policy model may result in a score of 10 points for the a business domain, a score of 5 points for the B business domain, a score of 3 points for the C business domain, and so on. In a specific example, the data related to the loss is summarized and sorted according to the enterprise loss types, which can be divided into supervision penalty loss, litigation expenditure loss, illegal penalty loss, compensation default loss and the like, and the corresponding subdivided business fields, such as the fund business field, the loan business field, the tax business field and the like, can be further determined according to the business types related to the penalty types.
Of course, before the data is classified according to the loss event, the data can be preprocessed according to the data analysis requirement, such as data cleaning and data processing, so that the formats of the data are unified.
And S230, analyzing the segmentation result of the segmentation business field to which each loss event belongs and the segmentation business fields corresponding to all business systems under a preset financial subject in the financial field, determining the associated business system of each loss event, and taking the associated business system as the target risk control object system.
For a service system, it may include a plurality of service products, and then, a service system may also be classified into a plurality of service segments according to its specific service content, and according to the difference in emphasis of each service content, the scoring values belonging to different service segments are also different.
Then, a further adoption of a preset data clustering analysis algorithm can analyze the associated service system of each loss event. For example, the related loss event data of each subdivided business field and the enterprise system are classified and matched through a K-means method, a decision tree method or a Bayesian two-classifier algorithm, so as to determine the related business system of the loss event, and further take the related business system as a target risk control object system. For example, the certificate force no loss, the silver force no loss are associated with the anti-money laundering list monitoring system.
S240, analyzing each loss event and the key risk index data of the corresponding correlation service system through a preset correlation analysis algorithm, and determining the target key risk index data corresponding to the loss event.
Specifically, the association relationship between the loss event and the specific index data of the associated business system (i.e. the target risk management and control object system) can be found through an association analysis algorithm, such as Apriori algorithm, TF-Growth algorithm, etc., for example, the certificate and prison penalty loss has high correlation with the screening accuracy index of the anti-money laundering list monitoring system. Meanwhile, potential loss risk points of the system, such as the talent loss rate of the anti-money-washing list monitoring system, the system operation stability, the fault recovery timeliness and the like, can be found out according to data analysis of the service operation messages and the like.
And S250, triggering a corresponding key risk index management process according to the target key risk index data.
Finally, aiming at the system which causes the loss, a self-evaluation management process and a service continuity management process of the system are automatically initiated, the system is perfected, and the loss is prevented from occurring again; and initiating a key risk index management process aiming at a system with potential loss risk, and carrying out comprehensive risk monitoring on the system from the dimension of the risk index to avoid the occurrence of the potential risk.
According to the technical scheme, all loss events in the financial field are obtained, and the corresponding associated business system is gradually determined as the target risk control object system according to the loss events analyzed by the determined preset financial subject, so that the target risk control system is maintained, and the system risk is reduced. The problem that sharing relation is lacked among all management and control fields of a management and control object system in the prior art and data analysis is single is solved, risk operation data of all risk management and control fields are integrated to conduct management and control risk analysis, risk management and control of the system are conducted according to analysis results, better data decision support can be provided for management of a business system, and risk management and control of the business system are more accurate.
EXAMPLE III
Fig. 3 is a schematic structural diagram of an operation risk management and control apparatus according to a third embodiment of the present invention, which is applicable to a scenario of risk prevention and control of each business system in the financial field, and the apparatus may be implemented in a software and/or hardware manner and integrated in a computer device with an application development function.
As shown in fig. 3, the operation risk management device includes: a data acquisition module 310, a risk event determination module 320, and a system administration maintenance module 330.
The data acquisition module 310 is configured to acquire target operation risk data of each risk control field of the target risk control object system; a risk event determining module 320, configured to determine a potential risk event of the target risk management and control object system according to the target operation risk data; and the system management and control maintenance module 330 is configured to trigger a preset system maintenance process according to the potential risk event, so as to implement operation risk management and control on the target risk management and control object system.
According to the technical scheme of the embodiment, target operation risk data of each risk control field of a target risk control object system are obtained; comprehensively analyzing the target operation risk data of each risk control field to determine potential risk events of a target risk control object system; and then triggering a preset system maintenance flow according to the potential risk event to realize the operation risk control of the target risk control object system. The problem that sharing relation is lacked among all management and control fields of a management and control object system in the prior art and data analysis is single is solved, risk operation data of all risk management and control fields are integrated to conduct management and control risk analysis, risk management and control of the system are conducted according to analysis results, better data decision support can be provided for management of a business system, and risk management and control of the business system are more accurate.
Optionally, the target operational risk data includes: the system comprises system operation data, loss event data, preset system evaluation management data and preset key risk index data.
Optionally, the risk event determining module 320 is specifically configured to:
determining whether a system operation fault event occurs in the target risk control object system according to the system operation data and the preset key risk index data;
and if so, determining a corresponding potential risk event according to the system operation fault.
Optionally, the risk event determination module 320 may be further configured to:
determining key business process nodes causing corresponding loss events according to the loss event data and the preset key risk index data;
and determining a corresponding potential risk event according to the key business process nodes.
Optionally, the system management and control maintenance module 330 is specifically configured to:
and starting a corresponding system service test flow by the target risk management and control object system according to the potential risk event, or carrying out manual system service test prompt.
Optionally, the data obtaining module 310 is specifically configured to:
subscribing the messages in batch in a message queue mode to acquire the target operation risk data; or, obtaining target risk operation data pre-stored in a preset data warehouse by accessing the preset data warehouse.
Optionally, the operation risk management and control apparatus further includes:
the loss event analysis module is used for acquiring each loss event occurring in the financial field;
dividing the subdivision business fields to which the loss events belong by adopting a preset classification strategy;
and analyzing the segmentation result of the segmentation business field to which each loss event belongs and the segmentation business fields corresponding to all business systems under a preset financial subject in the financial field, determining the associated business system of each loss event, and taking the associated business system as the target risk control object system.
Optionally, the loss event analysis module is specifically configured to:
and analyzing the division result of the subdivision business field to which each loss event belongs and the subdivision business fields corresponding to all business systems under the preset financial subject in the financial field through a preset data clustering analysis algorithm.
Optionally, the loss event analysis module is further configured to:
and analyzing the loss events and the key risk index data of the corresponding correlation service system through a preset correlation analysis algorithm, and determining the target key risk index data corresponding to the loss events.
Optionally, the system management and control maintenance module 330 may further be configured to:
and triggering a corresponding key risk index management process according to the target key risk index data.
Optionally, the loss event includes an internal loss event, an external loss event, and an approximate loss event of the preset financial subject.
The operation risk control device provided by the embodiment of the invention can execute the operation risk control method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
Example four
Fig. 4 is a schematic structural diagram of a computer device according to a fourth embodiment of the present invention. FIG. 4 illustrates a block diagram of an exemplary computer device 12 suitable for use in implementing embodiments of the present invention. The computer device 12 shown in FIG. 4 is only one example and should not bring any limitations to the functionality or scope of use of embodiments of the present invention. The computer device 12 may be any terminal device with computing capability, such as a terminal device of an intelligent controller, a server, a mobile phone, and the like.
As shown in FIG. 4, computer device 12 is in the form of a general purpose computing device. The components of computer device 12 may include, but are not limited to: one or more processors or processing units 16, a system memory 28, and a bus 18 that couples various system components including the system memory 28 and the processing unit 16.
Bus 18 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, such architectures include, but are not limited to, Industry Standard Architecture (ISA) bus, micro-channel architecture (MAC) bus, enhanced ISA bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.
Computer device 12 typically includes a variety of computer system readable media. Such media may be any available media that is accessible by computer device 12 and includes both volatile and nonvolatile media, removable and non-removable media.
The system memory 28 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM)30 and/or cache memory 32. Computer device 12 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 34 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown in FIG. 4, and commonly referred to as a "hard drive"). Although not shown in FIG. 4, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In these cases, each drive may be connected to bus 18 by one or more data media interfaces. System memory 28 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
A program/utility 40 having a set (at least one) of program modules 42 may be stored, for example, in system memory 28, such program modules 42 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each of which examples or some combination thereof may comprise an implementation of a network environment. Program modules 42 generally carry out the functions and/or methodologies of embodiments of the invention as described.
Computer device 12 may also communicate with one or more external devices 14 (e.g., keyboard, pointing device, display 24, etc.), with one or more devices that enable a user to interact with computer device 12, and/or with any devices (e.g., network card, modem, etc.) that enable computer device 12 to communicate with one or more other computing devices. Such communication may be through an input/output (I/O) interface 22. Also, computer device 12 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) through network adapter 20. As shown, network adapter 20 communicates with the other modules of computer device 12 via bus 18. It should be appreciated that although not shown in FIG. 4, other hardware and/or software modules may be used in conjunction with computer device 12, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
The processing unit 16 executes various functional applications and data processing by executing programs stored in the system memory 28, for example, implementing an operation risk management method provided by the present embodiment, the method includes:
acquiring target operation risk data of each risk control field of a target risk control object system;
determining a potential risk event of the target risk management and control object system according to the target operation risk data;
and triggering a preset system maintenance flow according to the potential risk event to realize the operation risk control of the target risk control object system.
EXAMPLE five
The fifth embodiment provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements an operational risk management and control method according to any embodiment of the present invention, where the method includes:
acquiring target operation risk data of each risk control field of a target risk control object system;
determining a potential risk event of the target risk management and control object system according to the target operation risk data;
and triggering a preset system maintenance flow according to the potential risk event to realize the operation risk control of the target risk control object system.
Computer storage media for embodiments of the present invention may take the form of any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. The computer-readable storage medium may be, for example but not limited to: an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It will be understood by those skilled in the art that the modules or steps of the invention described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed across a network of computing devices, and optionally they may be implemented by program code executable by a computing device, such that it may be stored in a memory device and executed by a computing device, or it may be separately fabricated into various integrated circuit modules, or it may be fabricated by fabricating a plurality of modules or steps thereof into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (15)

1. An operational risk management and control method, the method comprising:
acquiring target operation risk data of each risk control field of a target risk control object system;
determining a potential risk event of the target risk management and control object system according to the target operation risk data;
and triggering a preset system maintenance flow according to the potential risk event to realize the operation risk control of the target risk control object system.
2. The method of claim 1, wherein the target operational risk data comprises:
the system comprises system operation data, loss event data, preset system evaluation management data and preset key risk index data.
3. The method of claim 2, wherein determining the potential risk event for the target risk management object system from the target operational risk data comprises:
determining whether a system operation fault event occurs in the target risk control object system according to the system operation data and the preset key risk index data;
and if so, determining a corresponding potential risk event according to the system operation fault.
4. The method of claim 2, wherein determining the potential risk event for the target risk management object system from the target operational risk data further comprises:
determining key business process nodes causing corresponding loss events according to the loss event data and the preset key risk index data;
and determining a corresponding potential risk event according to the key business process nodes.
5. The method according to any one of claims 1-4, wherein triggering a pre-set system maintenance procedure based on the risk potential event further comprises:
and starting a corresponding system service test flow by the target risk management and control object system according to the potential risk event, or carrying out manual system service test prompt.
6. The method according to claim 5, wherein the obtaining target operational risk data of each risk control field of the target risk control object system comprises:
subscribing the messages in batch in a message queue mode to acquire the target operation risk data; or, obtaining target risk operation data pre-stored in a preset data warehouse by accessing the preset data warehouse.
7. The method of claim 1, further comprising:
acquiring loss events occurring in the financial field;
dividing the subdivision business fields to which the loss events belong by adopting a preset classification strategy;
and analyzing the segmentation result of the segmentation business field to which each loss event belongs and the segmentation business fields corresponding to all business systems under a preset financial subject in the financial field, determining the associated business system of each loss event, and taking the associated business system as the target risk control object system.
8. The method according to claim 7, wherein the analyzing based on the division result of the subdivided business fields to which the loss events belong and the subdivided business fields corresponding to all business systems under a preset financial subject in the financial field comprises:
and analyzing the division result of the subdivision business field to which each loss event belongs and the subdivision business fields corresponding to all business systems under the preset financial subject in the financial field through a preset data clustering analysis algorithm.
9. The method of claim 8, further comprising:
and analyzing the loss events and the key risk index data of the corresponding correlation service system through a preset correlation analysis algorithm, and determining the target key risk index data corresponding to the loss events.
10. The method of claim 9, further comprising:
and triggering a corresponding key risk index management process according to the target key risk index data.
11. The method of claim 7, wherein the loss event comprises:
an internal loss event, an external loss event, and an approximate loss event of the predetermined financial entity.
12. An operational risk management and control apparatus, the apparatus comprising:
the data acquisition module is used for acquiring target operation risk data of each risk control field of the target risk control object system;
a risk event determining module, configured to determine a potential risk event of the target risk management and control object system according to the target operation risk data;
and the system management and control maintenance module is used for triggering a preset system maintenance flow according to the potential risk event so as to realize the operation risk management and control of the target risk management and control object system.
13. A computer device, characterized in that the computer device comprises:
one or more processors;
a memory for storing one or more programs;
when executed by the one or more processors, cause the one or more processors to implement the operational risk management method of any of claims 1-11.
14. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out an operational risk management method according to any one of claims 1-11.
15. A computer program product comprising a computer program which, when executed by a processor, implements the operational risk management method according to any one of claims 1-11.
CN202210198273.6A 2022-03-02 2022-03-02 Operation risk management and control method, device, equipment, medium and program product Pending CN114580889A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210198273.6A CN114580889A (en) 2022-03-02 2022-03-02 Operation risk management and control method, device, equipment, medium and program product

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210198273.6A CN114580889A (en) 2022-03-02 2022-03-02 Operation risk management and control method, device, equipment, medium and program product

Publications (1)

Publication Number Publication Date
CN114580889A true CN114580889A (en) 2022-06-03

Family

ID=81771691

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210198273.6A Pending CN114580889A (en) 2022-03-02 2022-03-02 Operation risk management and control method, device, equipment, medium and program product

Country Status (1)

Country Link
CN (1) CN114580889A (en)

Similar Documents

Publication Publication Date Title
US10467631B2 (en) Ranking and tracking suspicious procurement entities
CN110442712B (en) Risk determination method, risk determination device, server and text examination system
US20210112101A1 (en) Data set and algorithm validation, bias characterization, and valuation
US20200202431A1 (en) Using automated data validation in loan origination to evaluate credit worthiness and data reliability
CN111127178A (en) Data processing method and device, storage medium and electronic equipment
CN103530106A (en) Method and system of context-dependent transactional management for separation of duties
CN112598513B (en) Method and device for identifying stockholder risk transaction behaviors
CN110363653A (en) Financial service request response method, device and electronic equipment
CN111062799A (en) Method and device for managing family client, electronic equipment and storage medium
US11556873B2 (en) Cognitive automation based compliance management system
Zahi et al. Modeling car loan prepayment using supervised machine learning
US9082085B2 (en) Computing environment climate dependent policy management
CN110472895B (en) Financial system wind control method and device, computer equipment and storage medium
CN115034596A (en) Risk conduction prediction method, device, equipment and medium
CN113610625A (en) Overdue risk warning method and device and electronic equipment
CN111681094B (en) Method and device for monitoring resource policy abnormality and electronic equipment
CN111210109A (en) Method and device for predicting user risk based on associated user and electronic equipment
CN110610290A (en) Inter-connected merchant risk control method and system
CN114580889A (en) Operation risk management and control method, device, equipment, medium and program product
CN115994819A (en) Risk customer identification method, apparatus, device and medium
KR20230103025A (en) Method, Apparatus, and System for provision of corporate credit analysis and rating information
CN111429257B (en) Transaction monitoring method and device
CN114078046A (en) Risk early warning information generation method and device and electronic equipment
CN114880369A (en) Risk credit granting method and system based on weak data technology
CN116186785B (en) Log desensitization method, device, equipment, medium and program product

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination