IT MANAGEMENT IN BANKS, RISK MANAGEMENT OF „IT”

1

IT MANAGEMENT IN BANKS, RISK MANAGEMENT OF „IT”

Ferenc Olti Inter Európa Bank3736470, oltif@ieb.hu

2

3

4

Business strategy

We can’t talk about any successful business activity without business strategy. Need to answer at least the following questions: How much money do we want to earn and what

period? What we want to do with the profit? To reach our target, what do we want to sell and

to whom?How do we want to sell it?

We can’t talk about any successful business strategy without IT strategy!

5

The business and IT strategy relationship

The IT strategy is part of the business strategy

The IT has an important role in the realisation, creation, but IT isn’t the”owner”

Nothing works without commitment of the management

6

IT roles

Initiate ???Co-operateplanningmaketo follow up

7

The leading role of the IT and it’s responsibility

Knowing the businessto be a partnerbe part in the creation of the

company cultureto create a team

8

The place of the IT in the organisation chart

IT must be on the same level as business departments and not subordinated to

them!

9

The relationship of IT and business

Internal relationship and their problems Who should initiate ? Who should keep eye the external world

? Who manage the budget ?

External relationships IT realisation and contract details

10

How should IT be motivated?

IT also have to be sales-orientedDevelopment and operation have to

be strictly separated (conservative – creative)

Permanent dealing with the security questions

SECURITY

The bank security was always an important question, stable disciplines, but there are new challenges

Physical security is important and visible but the real risk is in IT

The new challenges basically IT type Information has never seemed to be

so centralised new products depending on IT

necessity of prompt decision fraud monitoring scoring

Security challenges caused by the centralisation of information

Planning of business continuity (BCP) save and reload strategy and

practice duplication, same or diverse

placehardware

• disks, serversfiles

organisation of business process for crises

people availability

A Security challenges caused by the centralisation of information

Human recourses, is the biggest challenge system administrators

reliabilityfinancial securitystable family backgroundmental and bodily health

authority handlingnew employee authenticationleavers training

Security challenges caused by the centralisation of information

Reduce possibility of collusion to deal strictly with double

checking cashier safety the best bank security expert

is the good accountant to see, not only to watch

New products depending on IT

Active electronic distribution channels protection against penetration

continuously penetration testvirus protection

client identification, legal questions

password, digital signature, etc. real-time operation risks

New products depending on IT

E-commerce B2C card-acquire risk

17

Example: card business

18

Types of fraudCardholder fraud

card cloning high risks

stolen card numbere-purchase

• risk can be reduced

Card not present

19

Types of fraud (2)Merchant fraud

collusion creative fraud

20

Issuer’s risksComplete

responsibility after forbidding, from 1/12/02 limited before

Client unsatisfactory, also if he isn’t right

EU regulation

21

Cardholder’s risksComplete risk take-

over until forbidding, but change after 01/12/02 unknowing the

contract unknowing rules

22

Merchant risksUnlimited on

internetrisk of being on

black listinconvenience of

authorisation request

23

CARDGUARDActive limit

management 0 limit Normal limit No limit

technical realisation

disposable card number

Fraud monitoring

Real-time fraud monitoring expensive it could cause inconvenience to

the client secure

post monitoring together with a good limit

managing is sufficient

25

FRAUD MONITORING

Follow up in general manual

expert

Programmedinternal developmentready made packages

role of the card companies

26

THANK YOU

27

The e-business like the football, everybody talks about it, either they are

interested in it or they have to or it’s fashion.

We are using clichés day by day, but no really think about

it’s true or not.

28

Necessity to set up clear targets

Give information or do active business? Give information

internal information external information advertisement

active business B2B, B2C ? Alone or with somebody? Trust chain

How shall we react on the pressures? Are we small or big ? What do we think about it ?

29

E- business risks

Almighty role is overestimatedPossibilities are underestimated Disharmony of the offer and the

shipping facilities unsolved logistic problemsPossibility to loss prestige