Risk Management for Business, Business Continuity, Operational Resiliance, IT Strategy, Digital Marketing, Asset Register, Risk Matrix, EBA, ECB, Digital Transformation, Information Technology, Cyber Risk, Board of Directors Risk Understanding, Ransomware, Cyber Breach, GDPR, Password Control, Audit, Governance, Compliance

1. Staying Safe In A Quickly Evolving World
Information Technology
Going Digital & Associated Risks

2. Andrews Duffy
• Why Us – independent advice, take ownership of IT on your behalf, work with
your IT providers, non techie chats on IT, trusted
• Risk Management
• Project Management
• IT Management – ownership of IT on your behalf
• IT Audits & Security Reviews
• Brian Andrews brian@andrewsduffy.ie
• www.andrewsduffy.ie

3. Current Digital Membership Solutions (Available)
• Online Banking Services - website
• Online Loan Applications, Processing and Approval
• Mobile Applications
• Current Accounts
• New Member Onboarding
Inhouse Resources
• AML Processing
• Customer Relationship Marketing

4. Digitisation
Interaction with customers online, email, social media or mobile (app)
• Methods of Communication
• Spread of Information/News quicker and more accurate
• Smaller Entities can Target Niche Segments or Geographical Locations
• Leverage Products, Services, Processes (Strategy)
• Free up resources, staff time
• Greater Exposure to potential avenues for Cyber Security Issues
• Cost
• Keeping your message relevant to your audience (Digital Marketing)
• Persons to understand how it all works together (Staff / Contractors)
Positive
Negative

5. Regulations & Guidance
Challenge to Risk Officers & CEO’s
• Who keeps you informed?
• How do you distinguish - what is required vs what
is nice to have?
• Who understands the audit findings?
CBI, EBA, ECB, PRA (UK)
Regulations, Reports, Guidance, Reviews and
Papers on IT Risks for financial institutions

6. “Information Technology is an
Operational Risk, it is a core
enabler of the business function
of any institution”
Central Bank of Ireland, PRISM Report

7. Management of ‘Risk’
“A Potential, Negative, Consequential Event “
Imagine the phone ringing at a point
in the future and hearing…..
Something has happened and serious
consequences has occurred
Is it preventable or can it be mitigated
now?

8. Risks Relevant to Boards & Management Team
• Credit Union Business Strategy is determined by the product offerings of core banking products
• Limited choice / cost of moving (disruption)
• Limited knowledge of their supply chain – who provides IT services to them
• Cyber Risks – Ransomware, Email, Data Breaches
• IT Risks – Updates to software (patches), obsolete equipment
• Governance – Policies not reflective of the IT requirements of CU
• Risk of not having active management of the IT Solution,
• Most providers provide a ‘breakfix or managed service provision’ (Reactive)
• Redundancy / Backups of Solution (BCP)
Understanding the Technology, Terminology and IT in general
• Many credit unions do not have volunteers to assist / advice on IT
• Many CEO’s rely on 3rd Party providers / CUDS to keep them aware of issues

9. Being Prepared – What If
• Asset Register
• System Updates (Patches)
• Passwords control
• Security Controls
• Training of Staff & BOD
• Resilience of Plan, Test & LEARN

10. Best Practice
• Understanding the Risk
• IT Asset Register & Risk Register
• IT Governance (Review of Policies & Procedures)
• Systems updated & patched; Antivirus, Firewall, Desktop & Servers – Logs Reviewed
• Awareness & Training
• Education & Training of Staff
• Ongoing Development of Policies & Procedures
• Communication
• Working with Risk Officer, Manager, Risk/Audit Committee
• Future Proofing
• Share & Seek Advice on IT Solutions

11. brian@andrewsduffy.ie Brian Andrews
www.andrewsduffy.ie