Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Staying Safe In A Quickly Evolving World
1. Staying Safe In A Quickly Evolving World
Information Technology
Going Digital & Associated Risks
2. Andrews Duffy
• Why Us – independent advice, take ownership of IT on your behalf, work with
your IT providers, non techie chats on IT, trusted
• Risk Management
• Project Management
• IT Management – ownership of IT on your behalf
• IT Audits & Security Reviews
• Brian Andrews brian@andrewsduffy.ie
• www.andrewsduffy.ie
3. Current Digital Membership Solutions (Available)
• Online Banking Services - website
• Online Loan Applications, Processing and Approval
• Mobile Applications
• Current Accounts
• New Member Onboarding
Inhouse Resources
• AML Processing
• Customer Relationship Marketing
4. Digitisation
Interaction with customers online, email, social media or mobile (app)
• Methods of Communication
• Spread of Information/News quicker and more accurate
• Smaller Entities can Target Niche Segments or Geographical Locations
• Leverage Products, Services, Processes (Strategy)
• Free up resources, staff time
• Greater Exposure to potential avenues for Cyber Security Issues
• Cost
• Keeping your message relevant to your audience (Digital Marketing)
• Persons to understand how it all works together (Staff / Contractors)
Positive
Negative
5. Regulations & Guidance
Challenge to Risk Officers & CEO’s
• Who keeps you informed?
• How do you distinguish - what is required vs what
is nice to have?
• Who understands the audit findings?
CBI, EBA, ECB, PRA (UK)
Regulations, Reports, Guidance, Reviews and
Papers on IT Risks for financial institutions
6. “Information Technology is an
Operational Risk, it is a core
enabler of the business function
of any institution”
Central Bank of Ireland, PRISM Report
7. Management of ‘Risk’
“A Potential, Negative, Consequential Event “
Imagine the phone ringing at a point
in the future and hearing…..
Something has happened and serious
consequences has occurred
Is it preventable or can it be mitigated
now?
8. Risks Relevant to Boards & Management Team
• Credit Union Business Strategy is determined by the product offerings of core banking products
• Limited choice / cost of moving (disruption)
• Limited knowledge of their supply chain – who provides IT services to them
• Cyber Risks – Ransomware, Email, Data Breaches
• IT Risks – Updates to software (patches), obsolete equipment
• Governance – Policies not reflective of the IT requirements of CU
• Risk of not having active management of the IT Solution,
• Most providers provide a ‘breakfix or managed service provision’ (Reactive)
• Redundancy / Backups of Solution (BCP)
Understanding the Technology, Terminology and IT in general
• Many credit unions do not have volunteers to assist / advice on IT
• Many CEO’s rely on 3rd Party providers / CUDS to keep them aware of issues
9. Being Prepared – What If
• Asset Register
• System Updates (Patches)
• Passwords control
• Security Controls
• Training of Staff & BOD
• Resilience of Plan, Test & LEARN
10. Best Practice
• Understanding the Risk
• IT Asset Register & Risk Register
• IT Governance (Review of Policies & Procedures)
• Systems updated & patched; Antivirus, Firewall, Desktop & Servers – Logs Reviewed
• Awareness & Training
• Education & Training of Staff
• Ongoing Development of Policies & Procedures
• Communication
• Working with Risk Officer, Manager, Risk/Audit Committee
• Future Proofing
• Share & Seek Advice on IT Solutions
Digital transformation is an essential condition for credit unions to operate, it provides a whole new set of competitive skills and platforms for members. On the other hand, puts credit unions in the face of a whole new series of risks that they have to understand and manage.
The two large players have similar product offerings –
Online Banking Solutions,
Online Loan Applications,
Mobile Applications,
Current Accounts.
Separately solutions to save credit union resources for AML processing and customer relationship marketing
Digitalisation
Digital interaction with customers is allowing organisations to provide a richer user experience – online, email or mobile.
With our current working environments, online services are important to each CU’s future sustainability, with cost a large factor. The larger CUs have sophisticated IT support systems and are more concerned with keeping up-to-date with the latest digital technology and applications. The smaller CUs, on the other hand, are concerned about their inability to provide even basic digital services through the cost of deploying these solutions.
Members may never have to step across the threshold of the credit union
Many credit unions are now focusing on big data and data analytics - to drive strategy, operational activity, and marketing,
the online member platforms are only a tool to better engage with members.
All of these papers outline a variety of Risks for Credit Unions.
There are numerous papers produced each quarter reflecting, as we all know the current risks that IT brings to any industry.
There is a challenge to credit unions to keep abreast of all of these regulations, understand their content.
Again, the risk is that your risk officer, CEO and or Risk Committee may not be aware of them, let alone understand their potential impact to the credit union.
We have to consider the Information Technology risk to credit unions and all business entities.
The results of poor Risk Management can result in financial losses due to bad decisions,
theft of personal / customer information
hurting the credit unions brand, reputation,
GDPR and violating laws,
audits and prosecutions.
Information Technology has specific issues it must address relative to security and protection of data assets.
Balance the needs of operations with that of security and member services
Define the event – it’s the potential of a thing to turn into a reality
The phone never rings at 9am on a Monday morning, it tends to be 4pm on a Friday evening.
The nature of IT, is that it is best being proactive rather than reactive.
Having worked with many boards, I have observed that when IT is mentioned, eyes start to gloss over, many people get lost with the terms, phrases or technology.
Some are lucky to have a person who has a background in IT and can step in when needed with advice.
Risks to credit unions
Understand that the CU business strategy is influenced by the capabilities of IT which in turn comes from the product offerings of their core banking provider.
Cyber Issues, keeping abreast of IT –
Credit unions have a break fix / managed service solution, a reacrtionary solution.
How do you know if your policies match the need of the Business Continuity Plan
How do you actively reviewed the outsourced service provider on behalf of your own credit union?
Many times, credit union managers and boards are left with their 3rd party IT Service Providers to explain the need for X, Y and Z with out the understanding on how it fits with in the strategy of the credit union.
Information Technology Going Digital & Associated Risks is about understanding the nature of IT, breaking it down into sectors
Keeping the status quo operational, incremental changes to the policies and procedures.
Old equipment is cycled out of the system when required.
Ensuring that updates occur, Working with the IT vendors to manage risk, building backups in to the system, resources accordingly.
Develop an Asset register of all IT equipment
Ensure updates are enabled
Review the access control for users
Develop a training plan for staff, BOD
Work with risk officer to develop scenario to test the readiness against our plan
Best Practice is what an organisation would look like
Risk analysis, monitor and control where possible
Ensure policies & procedures are relevant to the credit union based on best practice
Awareness – develop a training program for staff & BOD to educate on the best use of IT in the workplace
Communication – regular meetings with stakeholders to ensure transparency on the program of work, done scheduled
Future Proofing – work with staff to ensure the correct use of the IT solution.
Determine the future needs of the CU and in vestige potential savings of a collective working group.
We have tailored our services for the credit union environment, partly based from the reports from the Central Bank.
These focus on
IT Governance
IT Systems & Security
Business Continuity Plan
IT Outsourcing & Vendor Management
Training
Reports to the Board and Audit Committee