Today the FT is reporting that the FSA has written to the Chairman of the UK’s nine largest banks and building societies regarding the robustness of their IT Infrastructure and demanding the names of the individuals who will be held accountable for any IT failures.
The FSA’s actions are not surprising given the recent IT failures seen at RBS however it does raise yet another challenge for firms as they review their approach to IT Risk Management and seek the ways and means to incorporate ‘IT Risk Management’ into their wider Risk Management agenda.
In this blog post we set out how how the Stratex solution can assist firms to meet the challenge of driving forward their IT Risk Management framework, and importantly how this can be done as part of wider Enterprise Risk Management framework.
The Stratex solution is a SharePoint based application designed to enable sustainable strategy execution, of which risk management is a key part. At the very heart of the Stratex solution is a ‘framework’ which provides firms with a method of structuring their strategy and risk management data so that it is actionable information – kind of a strategy and risk management ‘data warehouse in a box’. This data is transformed into actionable information and insights via a range of dashboards and analytics.
Within the framework we capture the data structure to not only support strategy and risk management at the enterprise level but also at the operational level. Of course one of the key aspects of operational risk management is managing systems related risk.
Operational Risk: The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. - The Basel Committee
The Stratex solution enables firms to define their key systems as part of their overall risk framework and for each key system, key risks and key controls can be defined along with indicators of performance (KPIs), risk (KRIs) and control (KCIs). This means that firms can complete a risk assessment per key system, and can monitor changes to the risk profile over time via KRIs. From the perspective of the recent FSA letter about IT Risk Management, Stratex enables firms to define an Accountable person per system therefore encouraging a culture of accountability within the IT function and across the firm.
Having a governance model embedded within the Stratex solution means that individuals, in the IT function or across the enterprise automatically have access to ‘Line of Sight’ dashboards which can include the risks, controls etc they are accountable for.
Below is an example of a simple dashboard view from Stratex which is focused on Key Systems.
With their letters to the Chairmen, the FSA has ensured that IT Risk Management is on the board's agenda. If your firm is reviewing the way they manage IT Risk, and if they want to incorporate it into an wider risk management framework, contact us and let us demonstrate how Stratex can enable an integrated approach which can be deployed quickly, cost effectively, either On premise or via the Cloud.