A CIO’s Perspective: Reconciling Risk Management with Disaster Recovery Tactics by Sanjay Verma


establishing relationship

RISK Management and DISASTER Recovery


DRIVERS

REGULATORY

LEGISLATIVE

BUSINESS

Good business practices

OUTCOME


the FIVE PRINCIPLES

1 BUSINESS IS KING


YOUR

BUSINESS

Financial Reporting

RELATIONSHIP

2

BUSINESS

IT


BUSINESS PROCESS CONTROLS

IT CONTROLS

Financial Reporting


                   Risk Management        Business Continuity Management
Key Method         Risk Analysis          Business Impact Analysis
Key Parameters     Impact & Probability   Impact & Time
Type of Incident   …………..                 …………..
Size of events     …………..                 …………..
Scope              …………..                 …………..
Intensity          …………..                 …………..

OPERATIONAL RISK

3 SINGLE INTEGRATED FRAMEWORK

CRISIS MANAGEMENT (Corporate issues)

BUSINESS CONTINUITY (Process contingencies)

DISASTER RECOVERY (IT system availability)

BUSINESS CONTINUITY MANAGEMENT: INTEGRATION OF 3 DISCIPLINES

4 ENABLING HOLISTIC APPROACH

Business Process

Controls

IT Environment

Financial Reporting

Internal / External Audit

IT Risk & Security Professionals


Threats exploit Vulnerabilities causing Incidents affecting Assets producing Business Impact

Controls: Deterrent Controls (reduces), Preventive Controls (reduces), Detective Controls (discovers), Corrective Controls (reduces)

Risk Assessment leads to Selection of Controls

Other arrows in the diagram: triggers, triggers

source: http://sabsa.org

5 SEPARATING GOVERNANCE & MANAGEMENT

Department

Process #1, Process #2

Workstation Builds, IT Applications, IT Special Needs, Network Drives, Special Requirements, Vital Records, Internal Dependencies, Suppliers, Roles

All-Hazards Approach to “Loss of Resource Type”

People, Seats, Cost Centre, Plan Owner

Process Workflow State Worst Time, Frequency, Criticality

source: BCM Ina Box

THE INFORMATION ‘BRIDGE’

PROCESS-BY-IT SERVICES VIEW

Process / IT Services matrix

Attributes listed for each IT service: RPO, RTO, Owner, LOC

Owner: BNZ BNZ BNZ BNZ BNZ BNZ NAB Cert NAB

LOC: Auk Auk Auk Auk BNZ BNZ BNZ BNZ BNZ BNZ Mel Mel Mel Mel Mel Mel Mel Mel Mel Mel Mel Mel

IT Service Name: Analytical Marketing Database, Encoder, TDP, TRIAD, Alpha Orange Alpha, FTP/XCOM, Genesys, Over10 database, SDR tags, SIG database, AP, AQ Pack, B2K, BIS, BRAINS, BTZ, CDS, CIF, CLS server, Connectivity, Connex, CPS

Payments / Clearing and Settlement Obligations

Name of Critical Process   Name of Sub-Process                                   MAO
Cards Settlements          Credit Card Issuing                                   24
Cards Settlements          Merchant Acquiring                                    24
Cards Settlements          EFTPOS Debit Cards                                    24
Cards Settlements          ATM Settlement                                        24
Retail Interchange         Inward & Outwards Interchange positions               24
Retail Interchange         Same day Cleared Payments (Assured Value Payments)    24
Retail Interchange         Cheque and Lodgement Processing                       24
Retail Interchange         Direct Debit Processing                               24
Retail Interchange         Direct Credit / Bill Payment                          24
Retail Interchange         Automatic Payments                                    24
Retail Interchange         Foreign Cash                                          24
Retail Interchange         Dishonours                                            24

BRIDGING GAPS

Process #2

Process #1

“CORE” of RISK MANAGEMENT

source: BCM Ina Box


No COMPANY can make a profit without taking risk

Taking RISKS without consciously managing them can lead to the downfall of organisations

Risk PROFESSIONALS are divided as to how to determine risk appetite

Thank You
