Financial Services companies have endured a number of spectacular systems failures in the past, resulting in massive regulatory fines, significant customer losses and shareholder dissatisfaction. Systems failures can be due to classic IT errors, hackers attacking websites or even environmental factors. These failures will continue to happen. The only uncertain factor is how long the systems will remain unavailable and how quickly organisations can restore normal conditions.
EY can help organisations identify where technology can go badly wrong by establishing an IT risk management framework, strengthening resilience and minimising downtime. This will enable clients first to decide which areas of technology to focus on. Customer-facing applications, trading and payments systems, and ATMs are normally considered ‘gold’ systems, which should be prioritised when assessing the risks of what could go wrong. The next step is to effectively validate the controls that prevent these systems from failing. Many organisations forget about a third-party software vendor or a payments provider that is critical to their process. Establishing a risk operating model that enables risks and controls to be managed effectively is another key area of the framework. Many organisations choose to have their IT risk function in the business, or as part of Operational Risk or Internal Audit. The decision depends on the risk appetite of the organisation. Designing an effective set of risk metrics that indicate which systems are likely to fail is the final piece of the jigsaw to minimise and even prevent a systems failure from happening. Having an IT risk framework is critical for all financial services organisations in today’s highly automated business world.