IT RISK MANAGEMENT BEST PRACTICES TOOLS AND PROCEDURES
Prepared For Futures & Options Expo 2002
-- A Panel Discussion --
AGENDA
I. Introduction, Purpose and Organization of This Panel Discussion
II. About Our Panelists
III. What Are IT Risk Management Best Practices Tools And Procedures? How Do They Work? How Do They Manage Risk? What Are Their Pros and Cons?
IV. What Are Our Panelists' Experiences?
V. Questions From the Floor
I. INTRODUCTION, PURPOSE AND ORGANIZATION OF THIS PANEL DISCUSSION
1. INTRODUCTION
In the Financial Services Industry, when you think of RM, you think of trading controls. And those trading controls usually rely heavily on automated applications of many types and flavors. But what if one of these critical applications failed or did not operate properly? What type of IT risk management tools does the CIO use? What's available to him? Is a suite of risk management tools in place? How are they managed? How do they integrate? How do they manage risk?
… purpose and scope … The PURPOSE of this session is to discuss IT risk management procedures that will significantly reduce business risk, capital drain and loss of competitiveness. Its intention is to make the audience aware of these types of tools – both technologists and users alike – so they can be applied in your own offices. In fact, IT risk management is the front line in the battle to achieve business risk avoidance.
The session is organized as follows:
I'll tell you the pedigrees of our panelists.
Next, I will give a brief introduction and explanation about what IT risk management tools are.
Then, I will ask our panelists to address specific questions about how they acquired these tools and how they use them.
And, for the last 5-10 minutes of our allotted time, we will answer questions from the audience.
II. ABOUT OUR PANELISTS
Steve Bass, Senior Vice President, Chief Information Officer, New York Board of Trade
William Farrow, Executive Vice President, Chicago Board of Trade
Brett Paulson, Senior Vice President, Chief Information Officer, Board of Trade Clearing Corporation
Phillip Marks, Project Management Consultant, Rolfe & Nolan Plc
Roman Szymansky, President, MicroDesign Services, Inc.
Jonathan Weisblatt, Senior Vice President, eTrading/eCommerce, Man Financial
Jerry Tellefsen, Moderator, Senior Vice President, Tellefsen Consulting Group, Inc.
III. WHAT ARE IT RISK MANAGEMENT BEST PRACTICES TOOLS?
We will discuss six types of RM tools and processes today:
Rapid Application Development (RAD)
Quality assurance (QA)
Automated test tools
Version control
Disaster recovery
Business continuity planning
Let's take a brief look at each.
… best practices tools …
RAPID APPLICATION DEVELOPMENT (RAD) TOOLS
WHAT ARE THEY? They are rule-based, licensed software tools that, once learned, allow the tool user to have thousands of lines of code developed automatically – almost instantly.
WHAT BUSINESS RISK DO THEY HELP AVOID? Mainly, time to market! Imagine if development would normally take six to nine months to complete and you can do that in one-third the time. The earlier the service is provided to the business user, the less risk there is of losing market share.
QUALITY ASSURANCE (QA)
WHAT DOES IT DO … WHEN IT'S DONE PROPERLY … It assures that the likelihood of failure of any new application put into production is extremely low because it has been so methodically tested and retested. It is a very strict regimen – and, almost as importantly, an insurance policy for the CTO/CIO.
WHAT BUSINESS RISK DOES IT HELP AVOID? Many kinds. The risk of starting up and failing because the system doesn't perform as advertised. The risk of losing disappointed users. The risk of losing the business. The risk of the CTO/CIO getting fired.
AUTOMATED TEST TOOLS (ARROWS IN THE QA QUIVER)
WHAT DO THEY DO … They significantly speed up all kinds of testing – functionality, stress and failover. They allow one to simulate, test and understand bandwidth requirements. They can be licensed from multiple sources and take some time to learn how to use properly – but are well worth investigating.
WHAT BUSINESS RISK DO THEY HELP AVOID? Many! Including but not limited to: speedier testing of new and revised software (time to market) and ensuring no system failure when running at maximum capacity.
VERSION CONTROL
WHAT DOES IT DO … Version Control (aka Change Management) keeps track of where (in which computers) each version of application and system software is running. Its methodology ensures that all preliminary steps required to verify the readiness of a new software version to go into production have been accomplished.
WHAT BUSINESS RISK DOES IT HELP CONTROL? Mainly, that mission-critical applications don't go down when application and system software is upgraded to new versions. It ensures that old versions of existing software will work as expected with the application version being upgraded, and that new features and bug fixes are actually implemented in new releases.
DISASTER RECOVERY (D/R)
WHAT DOES IT INCLUDE … First, D/R is not the same as failover. D/R is a capability to keep computer systems running at a backup data center – with minor hitches – when a catastrophe occurs at a primary data center.
WHAT BUSINESS RISK DOES IT HELP CONTROL? Loss of data processing capability.
BUSINESS CONTINUITY PLANNING (BCP)
WHAT IS IT … It's different from D/R, but clearly includes D/R. It's a strategy and plan to keep the business running by assuring that the people needed to run the business have required facilities and information provided to them quickly. A BCP is very inclusive and detailed and is a dynamic document with multiple accesses for instant availability.
WHAT BUSINESS RISK DOES IT HELP AVOID … Talk to anyone affected by 9/11 …
IV. WHAT ARE OUR PANELISTS' EXPERIENCES?
QUESTIONS FOR PANELISTS
1. What are your experiences with rapid application development tools?
2. For those of you who do not use RAD, why not?
3. Has the QA department ever saved your bacon?
4. Is the role of the QA department clearly understood and appreciated?
5. How do you do new application testing today?
6. How have application testing tools helped you to be risk averse?
7. What network and security measures do you use?
8. How do you effect version control in your company?
9. Have you ever had a version control disaster?
10. Does your firm have a D/R plan ... and do you practice it?
11. What effect did 9/11 have on your D/R focus?
12. Who maintains the BCP in your firm?
13. Did your firm have one on 9/11?