The China Academy of Information and Communications Technology released the "Top Ten Keywords in the Field of New IT Governance in 2023": platform engineering, AI model risk control, and digital transformation evaluation were on the list

Recently, at the main forum of the "2023 GOLF+ IT New Governance Leadership Forum", the China Academy of Information and Communications Technology (hereinafter referred to as the "China Academy of Information and Communications Technology") released the "2023 Top Ten Keywords in the Field of New IT Governance", and words such as platform engineering, continuous testing, operation and maintenance large model, AI model risk control, and digital transformation evaluation were on the list.

He Baohong, Institute of Cloud Computing and Big Data of the Chinese Academy of Information and Communications Technology, pointed out that the top ten keywords in the field of new IT governance this year mainly focus on XOps (the integration of multiple hot technologies and operation and maintenance), diversified R&D and operation transformation, science and technology governance and auditing, digital risk control and other fields. In terms of IT risk control and auditing, the new generation of IT audit system is constantly empowering enterprise technology governance, among which AI model risks, personal information protection compliance audits, and digital transformation evaluations have become hot topics from all walks of life. In addition, in terms of digitally empowered corporate governance, the construction of a digital risk control system and the sharing mechanism of digital audit capabilities are also promoting the modernization of enterprise organization-level governance capabilities.

The first keyword is BizDevOps (integration of business R&D and operations). The relationship between business and technology in the digital eraUnder the trend of industrial digitalization, technology has become the core of business evolution and innovation, and the core engine is BizDevOps. Many enterprises have reshaped the production and research process around business value, for example, China Merchants Bank has strengthened the digital product ecosystem of industry and technology integration based on value.

The second key word is platform engineering. In the past two years, the concept of platform engineering has received great attention from domestic and foreign enterprises, and there are corresponding policy documents at the national level calling on industry enterprises to actively introduce R&D and operation and maintenance integration tools and build an enterprise-level one-stop R&D collaboration platform. The value of platform engineering is mainly reflected in the fact that it is the core capability for the successful implementation of enterprise-level R&D and operation integration (DevOps).

The third key word is continuous testing, with the continuous improvement of the requirements of the country and enterprises for the quality construction of information technology, the continuous testing emphasizing the shift to the left, the right shift and automation has become one of the best practices of the quality management of the whole life cycle of software. The Central Committee of the Communist Party of China and the State Council issued the "Outline for the Construction of a Quality Power", proposing to strengthen the basic capacity building of technological innovation, standard development, measurement and testing, and conformity assessment. The Ministry of Industry and Information Technology and other ministries and commissions proposed to complete the construction of testing tool chains and improve quality management and testing capabilities. In this context, continuous testing was created to improve the efficiency and effectiveness of testing.

The fourth keyword is the O&M model, which combines natural language processing, knowledge graph, machine Xi and other technologies, and mainly analyzes and processes problems in the O&M field intelligently. Through technical knowledge in the field of operation and maintenance such as root cause location and troubleshooting, it opens up the operation and maintenance scenario capabilities of the whole chain of data collection, analysis, decision-making, and execution, and provides intelligent support for operation and maintenance engineers in professional and technical knowledge Xi, complex fault analysis and other aspects, and realizes advanced intelligent operation and maintenance capabilities.

The fifth keyword is IT Audit 2.0. With the in-depth application of a new generation of information technology such as big data, cloud computing, and artificial intelligence, it has not only brought rapid development to the organization, but also increased the organization's information technology risk exposure. In order to effectively deal with the risks brought about by new technologies, the importance of IT audit has become increasingly prominent, and the audit method has played a supervisory role in enterprise technology governance. At the same time, the positioning of IT audit is also further developed and extended, from the traditional goal of ensuring the accuracy, authenticity and security of systems and data to the realization of audit objectives based on compliance, risk and value dimensions. The scope of IT audit is also gradually expanding, from within the company to the audit involving the entire upstream and downstream ecological chain.

The sixth keyword is AI model risk control. At present, the rapid development of artificial intelligence technology has had a profound impact on the economy, society and human civilization, but at the same time, artificial intelligence technology has also brought various risks and complex challenges. AI model risk control refers to embedding risk control measures in all aspects of the entire life cycle of AI model R&D and conducting responsible development and operation, which is an important measure to implement the principles of AI governance.

The seventh key word is personal information protection compliance audit. In the era of digital economy, auditing, as an independent supervision activity, has become an indispensable and important measure to promote the establishment and improvement of the compliance governance system of enterprises, and is also an important starting point for the implementation of a multi-level personal information protection supervision system. Personal information protection compliance audits play a prominent role in implementing the responsibility of personal insurance entities, optimizing compliance management mechanisms, and improving compliance systems.

The eighth key word is digital transformation evaluation. In recent years, the People's Bank of China (PBOC) and the former China Banking and Insurance Regulatory Commission (CBIRC) have both put forward requirements for the evaluation of digital transformation. At the same time, with the continuous growth of investment in digital transformation of enterprises, the effectiveness of investment and the evaluation of transformation value have also become the focus of attention of all parties. In this context, enterprises urgently need to establish a digital transformation evaluation system to evaluate the status, capabilities, and effectiveness of digital transformation from multiple perspectives and dimensions.

The ninth key word is the sharing of digital audit capabilities. As an important part of risk governance, enterprise internal audit is the department with the widest professional coverage and the largest demand for data, and plays a digital "synergy" role in its own digital transformation process. Internally, the internal audit department can share audit logic, audit models, and audit research results with first- and second-tier departments such as business and risk management, so as to release the digital value of auditing. Externally, the internal audit department should integrate into the external audit cooperation ecosystem, and build a "digital audit consortium" with industry institutions, audit peers, and other supervisory entities to share audit digital products, audit capabilities, audit experience and audit data.

The tenth key word is digital risk control. At present, the internal and external environment faced by enterprises is constantly changing, and the uncertainty is increasing, which puts forward higher requirements for the quality and efficiency of risk management. Enterprises need to actively carry out the top-level design of the risk control system, explore the establishment of a coordinated operation mechanism for risk prevention functions such as internal control, compliance, legal affairs, auditing, and supervision, strengthen overall coordination, and promote the formation of a joint force for risk control through information sharing, mutual use of results, and joint rectification. At the same time, it is necessary to build a high-quality and coherent data and digital operation collaboration platform with the support of the digital technology base, gradually promote the digital application of various key areas, promote the digital transformation of internal control, compliance, audit and other functions, form a multi-integrated digital risk control system, and effectively improve the organization's risk response capability and governance modernization level.