8/2/2019 IT Operational Risks- BaselII
Date: College of Agricultural Banking, RBI, PUNE
Programme on Designing Information Systems for Business & Basel II
June 18-21, 2007
IT Risk Management for Basel II
V G Sekar
DGM & Member of Faculty
CAB, RBI
Operational Risk: An intro
Basel II definition of Operational Risk: Risk of loss resulting from inadequate or failed internal processes, people and systems or from external events.
The definition includes legal risk, but excludes strategic and reputational risk.
To assess the amount of operational risks, the banks may use various alternative approaches: BIA, STA & AMA
Operational Risk Management Framework
[Diagram. Framework components: Risk Strategy, Organisational Structure, Reporting, Information Technology. Building Blocks: Definitions, Loss Data, Risk Assessment, Key Risk Indicators, Mitigation, Capital Modelling.]
IT-related Risks Identified by Basel II
IT RISKS
Potential to transform risks from manual processing errors to system failure risks
Growth of e-commerce brings with it potential risks
Viability issues of new or newly integrated systems
Need for continual maintenance of high-grade internal controls and back-up systems
Operational Risk Events
Guiding Principles for IT Risk Management under Basel II
IT should identify acceptable limits of risk and develop metrics to measure performance against these profiles.
Regularly monitor operational risk profiles and material exposure to losses.
IT risk assessment results should be integrated with other risk assessments and incorporated into the GRC framework.
Identify and assess operational risk.
IT should use GRC frameworks (e.g., COSO) to integrate IT-specific risk within the overall corporate risk mgmt process.
Develop policies, processes and procedures for managing operational risk.
The internal IT audit function should be adequately skilled and staffed in line with the IT risk profile.
The operational risk management framework is subject to effective and comprehensive internal audit.
IT is a critical component of operational risk.
There is a need for an operational risk mgt framework.
Guiding Principles for IT Risk Management under Basel II
IT should identify all relevant risks that constitute a material operational risk in the sense of disclosure as defined by senior management, escalate where necessary to appropriate stakeholders and take corrective action.
Provide sufficient public disclosure.
IT should document the IT risk profile for the supervisory review process & external audit of IT-related risk management.
Conduct regular independent evaluation of a bank's policies, procedures and practices related to operational risk.
IT continuity plans and incident response management.
Have contingency and business continuity plans.
IT risk policy and subsidiary procedures.
Have policies, processes and procedures to control and/or mitigate material operational risks.
Acknowledgements & Further References
www.bis.org
www.isaca.org
www.coso.org
www.kriex.org
THANK YOU