IT RISK MANAGEMENT BEST PRACTICES TOOLS AND PROCEDURES
-- A Panel Discussion --
Prepared For Futures & Options Expo 2002

AGENDA
• Introduction, Purpose and Organization of This Panel Discussion
• About Our Panelists
• What Are IT Risk Management Best Practices Tools And Procedures?
• How Do They Work?
• How Do They Manage Risk?
• What Are Their Pros and Cons?
• What Are Our Panelists’ Experiences?
• Questions From the Floor

INTRODUCTION, PURPOSE AND ORGANIZATION OF THIS PANEL DISCUSSION

I. INTRODUCTION
In the Financial Services Industry, when you think of RM, you think of trading controls. And those trading controls usually rely heavily on automated applications of many types and flavors. But what if one of these critical applications failed or did not operate properly? What type of IT risk management tools does the CIO use? What’s available to him? Is a suite of risk management tools in place? How are they managed? How do they integrate? How do they manage risk?

… purpose and scope …
The PURPOSE of this session is to discuss IT risk management procedures that will significantly reduce business risk, capital drain and loss of competitiveness. Its intention is to make the audience – technologists and users alike – aware of these types of tools so they can be applied in your own offices. In fact, IT risk management is the “front line” in the battle to achieve business risk avoidance.

The session is organized as follows:
• I’ll tell you the pedigrees of our panelists
• Next, I will give a brief introduction and explanation about what IT risk management tools are
• Then, I will ask our panelists to address specific questions about how they acquired these tools and how they use them
• And, for the last 5-10 minutes of our allotted time, we will answer questions from the audience

II. ABOUT OUR PANELISTS
• Steve Bass, Senior Vice President, Chief Information Officer, New York Board of Trade
• William Farrow, Executive Vice President, Chicago Board of Trade
• Brett Paulson, Senior Vice President, Chief Information Officer, Board of Trade Clearing Corporation
• Phillip Marks, Project Management Consultant, Rolfe & Nolan Plc
• Roman Szymansky, President, MicroDesign Services, Inc.
• Jonathan Weisblatt, Senior Vice President, eTrading/eCommerce, Man Financial
• Jerry Tellefsen, Moderator, Senior Vice President, Tellefsen Consulting Group, Inc.

III. WHAT ARE IT RISK MANAGEMENT BEST PRACTICES TOOLS?
We will discuss six types of RM tools and processes today:
• Rapid Application Development (RAD)
• Quality assurance (QA)
• Automated test tools
• Version control
• Disaster recovery
• Business continuity planning
Let’s take a brief look at each.

… best practices tools …
RAPID APPLICATION DEVELOPMENT (RAD) TOOLS
WHAT ARE THEY?
They are rule-based licensed software tools that, once learned, allow the tool user to have thousands of lines of code developed automatically – almost instantly.
WHAT BUSINESS RISK DO THEY HELP AVOID?
Mainly, time to market! Imagine that development would normally take six to nine months to complete and you can do it in one-third the time. The earlier the service is provided to the business user, the less risk there is of losing market share.

QUALITY ASSURANCE (QA)
WHAT DOES IT DO … WHEN IT’S DONE PROPERLY …
It assures that the likelihood of failure of any new application put into production is extremely low because it has been so methodically tested and retested. It is a very strict regimen – and, almost as importantly, an insurance policy for the CTO/CIO.
WHAT BUSINESS RISK DOES IT HELP AVOID?
Many kinds. The risk of starting up and failing because the system doesn’t perform as advertised. The risk of losing disappointed users. The risk of losing the business. The risk of the CTO/CIO getting fired.

AUTOMATED TEST TOOLS (ARROWS IN THE QA QUIVER)
WHAT DO THEY DO …
They significantly speed up all kinds of testing – functionality, stress and failover. They allow one to simulate, test and understand bandwidth requirements. They can be licensed from multiple sources and take some time to learn how to use properly – but are well worth investigating.
WHAT BUSINESS RISK DO THEY HELP AVOID?
Many! Including but not limited to: speedier testing of new and revised software (time to market) and ensuring no system failure when running at maximum capacity.

VERSION CONTROL
WHAT DOES IT DO …
Version Control (aka Change Management) keeps track of where (in which computers) each version of application and system software is running. Its methodology ensures that all preliminary steps required to verify the readiness of a new software version to go into production have been accomplished.
WHAT BUSINESS RISK DOES IT HELP CONTROL?
Mainly, that mission-critical applications don’t go down when new versions of application and system software are upgraded. It ensures that old versions of existing software will work as expected with the application version being upgraded, and that new features and bug fixes are actually implemented in new releases.

DISASTER RECOVERY (D/R)
WHAT DOES IT INCLUDE …
First, D/R is not the same as failover. D/R is a capability to keep computer systems running at a back-up data center – with minor hitches – when a catastrophe occurs at a primary data center.
WHAT BUSINESS RISK DOES IT HELP CONTROL?
Loss of data processing capability.

BUSINESS CONTINUITY PLANNING (BCP)
WHAT IS IT …
It’s different from D/R, but clearly includes D/R. It’s a strategy and plan to keep the business running by assuring that the people needed to run the business have required facilities and information provided to them quickly. A BCP is very inclusive and detailed and is a dynamic document with multiple accesses for instant availability.
WHAT BUSINESS RISK DOES IT HELP AVOID …
Talk to anyone affected by 9/11 …

QUESTIONS FOR PANELISTS
• What are your experiences with rapid application development tools?
• For those of you who do not use RAD, why not?
• Has the QA department ever “saved your bacon”?
• Is the role of the QA department clearly understood and appreciated?
• How do you do new application testing today?
• How have application testing tools helped you to be risk averse?
• What network and security measures do you use?
• How do you effect version control in your company?
• Have you ever had a version control disaster?
• Does your firm have a D/R plan … and do you practice it?
• What effect did 9/11 have on your D/R focus?
• Who maintains the BCP in your firm?
• Did your firm have one on 9/11?