Newsletter, October 2009 - IDRBT
Newsletter, October 2009 - IDRBT
Newsletter, October 2009 - IDRBT
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Fast Forward<br />
<strong>October</strong> <strong>2009</strong><br />
IT Risk Management<br />
Having logged into Basel II already, banks are only too aware that pervasive IT constitutes 70% of their<br />
Operational Risk. In other words, 7% of the additional capital they have to provide (with an alpha of 10%)<br />
for operational risk will be to cover their IT risks. These IT risks can be more effectively managed with an<br />
organizational mechanism, with board level commitment, which makes use of sound policies, for each and<br />
every aspect of IT deployment, usage and control, backed up by international standards and best practices.<br />
These policies get translated into procedures at the top management level and these procedures get split<br />
into detailed practices (and guidelines) for the grass root functionaries to religiously follow.<br />
A functional, supportive organisational structure is a sine qua non for the successful implementation of the<br />
policies and satisfactory achievement of the objectives. Banks need to have an effective IT Risk<br />
Management in place. In fact, it is time for the banks to take stock of the policies in place, the level of<br />
commitment, understanding and implementation, and put in place the required organisational structures<br />
to support and achieve the desired results.<br />
IT Resource Management<br />
IT Resources can be broadly classified into five major categories: Data, Applications, Technology,<br />
Facilities and People. Acquiring, maintaining, using, leveraging, protecting and ultimately ensuring that all<br />
these resources are put to effective and proper use to achieve the corporate business objectives will demand<br />
enormous clarity, time, attention and commitment from bank managements and the involvement of the<br />
rank and file.<br />
Each of these resources should have clearly defined owners, mandated access and usage control matrices,<br />
backup and recovery norms and accepted/acceptable standards of performance and reliability to make<br />
them serve the purpose for which they exist. Banks have to gear themselves up in this regard for getting the<br />
best out of their IT.<br />
NEW DIRECTIONS : A High-powered committee under the Chairmanship of<br />
Dr. C. Rangarajan reviews the Institute's activities to redefine the role of <strong>IDRBT</strong><br />
2