IT Risk Banca Popolare di Sondrio

IT: Measurement & Rules to Manage Risk
26/04/2013, by Nicoletta Boldrini. Original article from ZeroUnoweb.it:
http://www.zerounoweb.it/casiutente/it-misurare-e-governare-per-gestire-il-rischio.html
Our Bank [Banca Popolare di Sondrio] addresses IT risk management through
sound management of complexity, applying a structured interdisciplinary
approach.

"Implicitly complexity is constantly evolving; to govern this you must know where you are at any point in time and measure it," began Milo Gusmeroli, Deputy General Manager and CIO Banca Popolare di Sondrio, in sharing with ZeroUno all critical issues related to complexity management, confirming that it must be checked and managed. "In my opinion, complexity in IT is an intrinsic condition," continues Gusmeroli, "and it can open new revolutionary opportunities. Not to consider complexity would be a mistake, and when doing so, it is essential to use a structured interdisciplinary approach."

In the case of Banca Popolare di Sondrio, the IT governance base of the Bank's foundation consists of five pillars: Organization (as people and structure), Methods (services and processes), Architectures and Systems, Project Portfolio Management, Budgeting and Performance Management.

"As the complexity simplification is leading to greater capacity and more effective governance, of the IT domain architecture where systems play a decisive role," said Gusmeroli. "In this context, Banca Popolare di Sondrio has established an Architecture / Systems and Security group in the PMO and our staff has defined a control system that takes into account not only the architectural models (SOA, for example), but also the provisioning choices."

"The other important area that we consider essential is to understand the intricacies of IT (to measure and rule) and [he is] referring to the catalog of services provided (which is part of the pillar methodology), which, in terms of control, allows the IT department to have a clear view of the relationship between banking processes, organizational units, IT services needed to support and adequate computing resources," says Gusmeroli.

"The unit dedicated to the portfolio of projects, i.e. project management office, in Banca Popolare di Sondrio for this has the responsibility for the integration of budget, projects / service catalog, reporting, measurement, reporting and repositioning [this also to connect to the Bank of Italy reporting in terms of banks' prudential supervision - Ed]," adds Gusmeroli. "Finally, the scope and budget performance management has in charge obtains a balanced scorecard, however, integrating all part of project administration and catalog services for the strategic management of IT must always be supported by objective measurements and related to the objectives of business."

Interpreting the phenomena how to govern IT

Milo Gusmeroli, Deputy General Manager & CIO Banca Popolare di Sondrio

"IT is such a complex organization and IT can be effectively governed, however IT must be measured precisely in its complexity," highlights Gusmeroli. "This measure is aimed, in our case, to understand and interpret phenomena using remote control systems."

"The interpretation of the [complexity] phenomena and the use of the information IT generates using control systems, although we aim to achieve the highest level of predictability of IT systems behavior (and therefore the minimum risk), have a direct impact on the business," explains the CIO of the bank. "This is why we are introducing a stability indicator that allows us to have a view on the level of complexity and potential consequences so that this level can determine the profile of the business."

A similar view is being created in Banca Popolare di Sondrio through the platform OntoSpace (a risk management solution built by Ontonix that incorporates principles and algorithms for measuring the complexity of systems or processes); this necessarily involves the integration of data and parameters, both technical and of a different nature. "Within the system of control we have collected many data as well as technical performance indicators from the architecture which is derived from an analysis of operational risks," says Gusmeroli. "These are then integrated with data coming from other systems, such as the balanced scorecard, to determine the risk and to assess their impact on the business."

Referring to the case studies developed and looking, for example, at the analysis of a bank's server through Ontonix technology, the Bank was able to verify that the performance of the robustness of the system shows an initial intense activity (both batch and user side) which progressively decreases. The system, after a first period of tension, reaches an equilibrium situation and normal operating conditions. Continuing the analysis, it was also found that the most critical variables appear to be related to the management of the hard disk storage, an element, however, that we managed to resize. The system during periods of high operational demand is more exposed to unpredictable reactions, requiring greater management attention.

"The instrument used for measuring the complexity has also been applied to measure the response time of the transactions and then test the behavior of applications," said the CIO. "The analysis on the response times of applications showed that the element to be monitored with greater attention are the moments of discontinuity, i.e. the transition between activities (e.g. from batch to online)."

Symptomatic and almost surprising, the result of this analysis proved that 27% of transactions contribute to 80% of the operational complexity of the system. "Now we have more information to determine which applications and transactions are key-centric [critical pivots] and why, in order to govern the IT systems and processes better, thereby reducing the risk leading to a higher index of stability."

The analysis underway at Banca Popolare di Sondrio is intended to add other features on the potential and residual complexity and robustness of IT systems: in the vicinity of the critical level of complexity (to be placed on dashboards with intuitive graphic elements), when the behavior of a system becomes unpredictable, thus putting stability at high risk. Based on this awareness, the Bank has initiated plans aimed at monitoring and measuring the potential risk (represented by the critical level of complexity) and residual risk (which comes from the distance between the actual measured complexity and the level of complexity identified as critical). The residual risk, in fact, measures the amount of indeterminacy [in concurrent computation] the system is able to withstand before starting to lose functionality and become unreliable, while the current risk measures the topological robustness and quantifies the ability of the system to preserve its functionality.

"It goes without saying that in order to maintain an index of stability, of the system IT must keep a safe distance from the critical level of complexity," says Gusmeroli.
