Upload
marcus-evans
View
487
Download
1
Embed Size (px)
Citation preview
Sanjay Verma
establishing relationship
RISK Management and
DISASTER Recovery
source: Microsoft templates
DRIVERS
REGULATORY
LEGISLATIVE
BUSINESS
Good business practices source: Google images
OUTCOME
source: Google images
the FIVE
PRINCIPLES
BUSINESS IS
KING
1
source: Google images
YOUR
BUSINESS
Financial Reporting
RELATIONSHIP
2
BUSINESS
IT
source: Google images
BUSINESS PROCESS
CONTROLS
IT CONTROLS
Financial Reporting
source: Google images
Risk Management Business Continuity
Management
Key Method ………….. …………..
Key Parameters ………….. …………..
Type of Incident ………….. …………..
Size of events ………….. …………..
Scope ………….. …………..
Intensity ………….. …………..
OPERATIONAL RISK
Risk Management Business Continuity
Management
Key Method Risk Analysis Business Impact Analysis
Key Parameters Impact & Probability Impact & Time
Type of Incident ………….. …………..
Size of events ………….. …………..
Scope ………….. …………..
Intensity ………….. …………..
OPERATIONAL RISK
3 SINGLE INTEGRATED
FRAMEWORK
CRISIS MANAGEMENT
(Corporate issues)
BUSINESS CONTINUITY
(Process contingencies)
DISASTER RECOVERY
(IT system availability)
BUSINESS CONTINUITY MANAGEMENT INTEGRATION OF 3 DISCIPLINES
4 ENABLING
HOLISTIC
APPROACH
Business Process
Controls
IT Environment
Financial Reporting
Inte
rnal / E
xte
rnal A
ud
it
IT R
isk
& S
ecu
rity
Pro
fes
sio
nals
source: Google images
Threats
Vulnerabilities
Incidents
Assets
Business Impact
exploit
causing
affecting
producing
Deterrent Controls
Preventive Controls
Detective Controls
Corrective Controls
reduces
reduces
discovers
reduces
Risk Assessment Selection of Controls
Leads to
triggers
triggers
source: http://sabsa.org
SEPARATING
GOVERNANCE
& MANAGEMENT
5
Department
Process #2 Process #1
Work-
station
Builds
IT
Applicat-
ions
IT
Special
Needs
Network
Drives
Special
Require-
ments
Vital
Records
Internal
Depen-
dencies
Suppliers Roles
All-Hazards Approach to “Loss of Resource Type”
People, Seats, Cost Centre, Plan Owner
Process Workflow State Worst Time,
Frequency, Criticality
source: BCM Ina Box
THE INFORMATION ‘BRIDGE’
PROCESS-BY-IT SERVICES VIEW
RP
OR
TO
Ow
ner
BNZ BNZ BNZ BNZ BNZ BNZ NAB Cert NAB
LOC Auk Auk Auk Auk BNZ BNZ BNZ BNZ BNZ BNZ Mel Mel Mel Mel Mel Mel Mel Mel Mel Mel Mel Mel
Process / IT Services matrix IT S
ervi
ce N
ame
Ana
lytic
al M
arke
ting
Dat
abas
e
Enc
oder
TD
P
TR
IAD
Alp
ha O
rang
e A
lpha
FT
P/X
CO
M
Gen
esys
Ove
r10
data
base
SD
R ta
gs
SIG
dat
abas
e
AP
AQ
Pac
k
B2K
BIS
BR
AIN
S
BT
Z
CD
S
CIF
CLS
ser
ver
Con
nect
ivity
Con
nex
CP
S
Name of Critical Process Name of Sub-Process MAO
Payments / Clearing and Settlement
Obligations
Cards Settlements Credit Card Issuing 24g g g g
Cards Settlements Merchant Acquiring 24g g g
Cards Settlements EFTPOS Debit Cards 24g g
Cards Settlements ATM Settlement 24g g
Retail Interchange
Inward & Outwards
Interchange positions 24g
Retail Interchange
Same day Cleared
Payments (Assured Value
Payments) 24g g g
Retail Interchange
Cheque and Lodgement
Processing 24g
Retail Interchange Direct Debit Processing 24g g g
Retail Interchange Direct Credit / Bill Payment 24g g
Retail Interchange Automatic Payments 24g g
Retail Interchange Foreign Cash 24g
Retail Interchange Dishonours 24g g g g g
BRIDGING
GAPS
Process #2
Process #1
“CORE” of RISK MANAGEMENT
source: BCM Ina Box
source: Google images
No COMPANY can make a profit
without taking risk
Taking RISKS without consciously managing it can
lead to the downfall of organisations
Risk PROFESSIONALS
are divided as to how to determine
risk appetite
Thank You