IT MANAGEMENT IN BANKS, RISK MANAGEMENT OF „IT”
Post on 14-Jan-2016
Ferenc Olti, Inter Európa Bank, 3736470, oltif@ieb.hu
Business strategy
We can’t talk about any successful business activity without a business strategy. We need to answer at least the following questions:
• How much money do we want to earn, and over what period?
• What do we want to do with the profit?
• To reach our target, what do we want to sell, and to whom?
• How do we want to sell it?
We can’t talk about any successful business strategy without IT strategy!
The business and IT strategy relationship
• The IT strategy is part of the business strategy
• IT has an important role in realisation and creation, but IT isn’t the ”owner”
• Nothing works without the commitment of the management
IT roles
• Initiate ???
• Co-operate
• planning
• make
• to follow up
The leading role of IT and its responsibility
• Knowing the business
• to be a partner
• be part in the creation of the company culture
• to create a team
The place of the IT in the organisation chart
IT must be on the same level as business departments and not subordinated to
them!
The relationship of IT and business
• Internal relationships and their problems
  • Who should initiate?
  • Who should keep an eye on the external world?
  • Who manages the budget?
• External relationships
  • IT realisation and contract details
How should IT be motivated?
• IT also has to be sales-oriented
• Development and operation have to be strictly separated (conservative – creative)
• Permanently dealing with security questions
SECURITY
• Bank security has always been an important question with stable disciplines, but there are new challenges
• Physical security is important and visible, but the real risk is in IT
• The new challenges are basically of the IT type
• Information has never seemed to be so centralised
• new products depending on IT
• necessity of prompt decision
• fraud monitoring
• scoring
Security challenges caused by the centralisation of information
• Planning of business continuity (BCP)
• save and reload strategy and practice
• duplication, same or diverse place
• hardware
  • disks, servers
• files
• organisation of business process for crises
• people availability
Security challenges caused by the centralisation of information
• Human resources is the biggest challenge
• system administrators
• reliability
• financial security
• stable family background
• mental and bodily health
• authority handling
• new employee authentication
• leavers
• training
Security challenges caused by the centralisation of information
• Reduce the possibility of collusion
• deal strictly with double checking
• cashier safety
• the best bank security expert is the good accountant
• to see, not only to watch
New products depending on IT
• Active electronic distribution channels
• protection against penetration
• continuous penetration testing
• virus protection
• client identification, legal questions
• password, digital signature, etc.
• real-time operation risks
New products depending on IT
• E-commerce
• B2C
• card-acquire risk
Example: card business
Types of fraud
• Cardholder fraud
• card cloning
• high risks
• stolen card number
• e-purchase
  • risk can be reduced
• Card not present
Types of fraud (2)
• Merchant fraud
• collusion
• creative fraud
Issuer’s risks
• Complete responsibility after forbidding, from 1/12/02 limited before
• Client dissatisfaction, even if he isn’t right
• EU regulation
Cardholder’s risks
• Complete risk take-over until forbidding, but change after 01/12/02
• not knowing the contract
• not knowing the rules
Merchant risks
• Unlimited on internet
• risk of being on black list
• inconvenience of authorisation request
CARDGUARD
• Active limit management
  • 0 limit
  • Normal limit
  • No limit
• technical realisation
• disposable card number
Fraud monitoring
• Real-time fraud monitoring
  • expensive
  • it could cause inconvenience to the client
  • secure
• post monitoring together with good limit management is sufficient
FRAUD MONITORING
• Follow up in general
• manual
• expert
• Programmed
• internal development
• ready made packages
• role of the card companies
THANK YOU
E-business is like football: everybody talks about it, either because they are interested in it, or they have to, or it’s fashionable.
We use clichés day by day, but don’t really think about whether they are true or not.
Necessity to set up clear targets
• Give information or do active business?
• Give information
  • internal information
  • external information
  • advertisement
• active business
• B2B, B2C?
• Alone or with somebody?
• Trust chain
• How shall we react to the pressures?
• Are we small or big?
• What do we think about it?
E-business risks
• Almighty role is overestimated
• Possibilities are underestimated
• Disharmony of the offer and the shipping facilities
• unsolved logistic problems
• Possibility of losing prestige