
Value Studio 48


santosr


  1. Value Studio 48 Digital Responsibilities – Digital risk management

  2. DIGITAL RISK Management – WHY? The Past is prologue – a few stories

  3–7. Tales of risk managed poorly • Storyline 1 - lightning can strike twice • Circa 2000 • Working in risk management with a global investment banking firm • Designed technology risk management and best practices program • Scope was at global enterprise level • Included: Investment banking/fixed income & equities/commodities - trading

  8–12. Tales of risk managed poorly (cont'd) • Key function of program – identify high risk resources • Perform risk assessment and analysis – including single point of failure (SPOF) analysis • Identified global communications and networks as critical resources • Identified West Street switching station as a SPOF in the US • Concluded that risk reduction was not possible • Management was apprised and negotiations with vendor pursued

  13. Lightning strikes • 200,000 voice lines inoperable • 3 million data circuits destroyed • Building restored by 3,500 workers • At a cost of $3 billion

  14. Lightning postscript – aftermath report • Many of the 34,000 telecom customers did not realize their lines were dependent upon Verizon • Many competitors leased lines from Verizon w/o disclosure

  15. Roll forward the calendar - Lightning #2, 10/22/2012: “…140 West Street—was in a state of crisis not seen since the 9/11 attacks, which partially destroyed the building…”

  16–18. More tales of risk managed poorly • Storyline 1 - lightning can strike twice • Storyline 2 - the CIO who cared • Storyline 3 - the airport that did not … • Storyline 4 - a credit failure that may have impacted - you

  19. Is effective risk management possible? Yes - but only if you adhere to these practices

  20. Additional requisites for success • Design a process • Select a framework • Define the entity • Define the larger ecosystem • Define risks at the business level • Design controls to protect the business • Perform RCA on all control failures • Institute “can this happen here?”

  21. The Organizational Challenge

  22. Risks spawned by Digital transformations

  23. New Products/services – a new paradigm Pre-transformation process Transformation adept

  24. Advertising’s ‘Mad Men’ Bristle at the Digital Revolution – WSJ, 01/19/2018: “One of the world’s biggest ad agencies, Publicis Groupe SA, fully felt the disruptive power of advertising’s digital revolution when McDonald’s Corp. put its account into play… Publicis lost the McDonald’s contract to Omnicom Group Inc., which had worked with Facebook Inc. and Alphabet Inc.’s Google to assemble a team of creative talent and data experts… The ad industry is in upheaval as it grapples with the rise of big data and analytics. Ad giants such as WPP PLC, Omnicom and Publicis have gone on acquisition sprees, bringing legions of information-technology experts into their ranks…”

  25. The CIO who cared • CIO, global equities – informed of a major trading outage in Europe • Asked why the “best practices” review did not identify the risk • Informed that practices were in place; the DB owner did not respond to the alert that storage was at a critical level • Requested that future alerts be directed to him as well as the DB owner • Takeaways • Hidden implications due to Wall Street payment plans (“bonus”) • Need for awareness and education • Improve overall reporting and benefits statement

  26. The airport that did not • On December 17, 2017 a fire in an underground tunnel caused a power outage at the Atlanta international airport • Because the fire was in a tunnel adjacent to the back-up cables, the “fail-safe” system was knocked out as well • As a result over 1,175 flights were cancelled; Delta alone estimated lost revenue of $25-50 million, in addition to the widespread havoc for the up to 275,000 passengers who use the airport on an average day • Key takeaways • No single point of failure analysis • No apparent disaster recovery testing and contingency planning • Lack of supply chain risk assessments by the airport agency / Georgia Power / airlines that use the facility • Other airports should conduct their own assessment

  27. A credit failure that may have impacted - you • On September 7th 2017 Equifax – one of the three major US credit bureaus – disclosed that hackers had compromised sensitive data of over 143 million consumers, including SS#’s • Since then the CEO/CIO/CISO have retired; it has incurred $27.3M in incident-related costs • It is also facing 240 class action lawsuits and more than regulatory/governmental inquiries • Ironically, in August 2016 MSCI, an independent research firm providing insights for institutional investors, downgraded Equifax to its lowest possible ESG rating (environmental/social/governance) – essentially a zero • Takeaways • Business and regulatory oversight may be lax in markets with few players • ESG ratings should be taken more seriously • Equifax did not take security seriously

  28. Adopt a framework - examples • National Institute of Standards and Technology (NIST) – the gold standard in US Gov’t • International Organization for Standardization (ISO) – global acceptance • Committee of Sponsoring Organizations of the Treadway Commission (COSO) – ERM • International professional association for information technology management and IT governance (ISACA) – COBIT 5 – global w/focus on IT
