How To Integrate Business Risk & IT Risk
Alex Hollis, VP, GRC Services
Disclaimer
Presentations are intended for educational purposes only and do not replace independent professional judgment.
Risk is a complex word with many different definitions and approaches; there is no one-size-fits-all advice, method or process for achieving successful operational and IT risk management.
Introduction
During this session you will leave with…
1. An appreciation of integrated risk challenges
2. An understanding of how operational and IT risk must work together
3. An approach for creating a model within your own business
What is IRM?
www.surecloud.com © 2019 SureCloud. All rights reserved.
Automating and integrating strategic, operational and IT risk management.
IRM will catch you out
• The easy solution won’t scale.
• Start today; it’ll only get harder.
• 42% require substantial work.
[Chart: complexity plotted against size of company]
A simple example
• Single location
• No ‘corporate’ unit
• <5 Employees
• <5 Suppliers
• 1 till, not networked (no IP address)
• Boilerplate compliance
• Simple continuity plans
• Not a big target for fraud/crime
A complex example
• Multiple locations
• Multiple business units
• 100+ Staff
• 50+ Suppliers
• Regulation
• Custom compliance
• Complex networked EPOS system
• Back office IT systems
• Online store front
• More of a target for fraud / crime
Excel hell
What is IRM?
[Diagram: two pictures side by side. “IRM Platform”: Third Party, Audit, Compliance, Policy and Risk handled together, with GDPR, PCI & ISO in one place. “IRM Niche Tools”: Third Party, Audit, GDPR, Policy, Compliance, Risk, PCI and ISO each in its own separate tool.]
What do we need?
• Context
• Collaboration
• Reporting
• Transparency
• Communication
• Agility
• Accountability
Why is it so difficult?
• Risk is a discussion
• No common language
• Limited top-down support
• Methods, scale and approach all differ
• Everything is a negotiation
Always Be Certain
[Diagram: Op Risk and IT Risk brought together as IRM]
Operational Risk
• What is important?
• What is dangerous?
• What is real?
The overall picture
[Diagram: three layers, Strategic, Operational and Functional]
[Slides 15 to 18: diagrams only, showing the risk picture before and after IRM]
Bridging the divide
[Diagram: the layers to be linked, top to bottom: Business Objectives, Business Processes, Applications, Infrastructure]
Building a Model
Step 1: Entities
Step 2: Relationships
Step 3: Realise

Step 1: Document the entities
The purpose of the Board of Directors’ Risk Policy Committee (“DRPC”) is to assist the Board in its oversight of the operation of the Firm’s global risk management framework and to approve and periodically review the primary risk-management policies of the Firm’s global operations.
The Committee’s responsibilities include oversight of management’s exercise of its responsibility to assess and manage:
• credit risk
• market risk
• investment risk
• liquidity risk
• country risk
• estimations and model risk
• operational risk
• compliance risk including fiduciary risk
• the governance frameworks or policies for risk identification, risk appetite, reputational risk, and conduct risk; and capital and liquidity planning and analysis.
The DRPC oversees reputational risks and conduct risks within its scope of responsibility.
- JP Morgan Chase (https://www.jpmorganchase.com/corporate/About-JPMC/ab-risk-committee.htm)
Entities picked out of the text above:
• Risk Management Framework
• Risk (various types)
• Risk Appetite
• Governance Framework
• Oversight of operations
• Oversight of management
• Capital, Liquidity and Planning
• Risk Identification
• Risk Category / Taxonomy
• Policies (including risk management policies)
[Diagram: the same entities arranged under two parent nodes, Risk Management Framework and Governance Framework: Capital, Liquidity and Planning; Risk (various types); Risk Appetite; Risk Identification; Risk Category / Taxonomy; Oversight of operations; Oversight of management; Policies (including risk management policies)]
Step 1: Entities. A generic list of entity types for the model:
• Objective / Goal
• Department / Function / BU
• Process
• Application
• Information
• Infrastructure / Devices
• Incidents
• Vulnerabilities
• Third Parties
• Risk
• Control
• Policy
• Regulation
Step 2: Relationships
[Diagram: the entity types linked into one map. Business Objective; Department / Function; Business Processes; Supply / Third Party; Applications; Information; Infrastructure; Vulnerabilities; Incidents; with Risk, Control, Policy, Regulations and Actions/Tasks as a row across them. Slides 28 and 29 show the same map again.]
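The entity and relationship model from Steps 1 and 2, worked through as an added Python example; this is not code from the presentation or from SureCloud. Every entity name, severity score and link is constructed sample data loosely based on the “complex example” retailer earlier in the deck, and the ALLOWED_PARENTS rule set is an assumption about which layers may support which. The point it shows is the one the slides make about bridging the divide: once a vulnerability on a server is linked upward through application, process and department, the question “which business objective does this IT finding threaten?” becomes a graph walk rather than a manual join across spreadsheets.

```python
"""Integrated risk model built the way the slides describe: Step 1 records the
entities, Step 2 links them, Step 3 answers a question a flat spreadsheet cannot,
namely which business objective a given IT vulnerability threatens.
Every name, score and link below is constructed sample data."""
from collections import defaultdict, deque

# Step 2 rule set (an assumption for this example): which entity types a given
# type may 'support', mirroring the 'Bridging the divide' layering
# Infrastructure -> Application -> Process -> Department -> Objective.
ALLOWED_PARENTS = {
    "Vulnerability": {"Infrastructure", "Application"},
    "Incident": {"Infrastructure", "Application", "Process"},
    "Information": {"Application", "Process"},
    "ThirdParty": {"Application", "Process"},
    "Infrastructure": {"Application", "Process"},
    "Application": {"Process"},
    "Process": {"Department"},
    "Department": {"Objective"},
}

class RiskModel:
    def __init__(self):
        self.kind = {}                     # Step 1: entity name -> entity type
        self.supports = defaultdict(set)   # Step 2: child -> parents it supports
        self.mitigates = defaultdict(set)  # Step 2: control -> risks it mitigates
        self.severity = {}                 # vulnerability -> numeric severity

    def add(self, name, kind, severity=None):
        self.kind[name] = kind
        if severity is not None:
            self.severity[name] = float(severity)

    def link(self, child, parent):
        """Record that `child` supports `parent`; reject links the type rules
        forbid, so every team records relationships the same way."""
        if self.kind[parent] not in ALLOWED_PARENTS.get(self.kind[child], set()):
            raise ValueError(f"{self.kind[child]} '{child}' cannot support {self.kind[parent]} '{parent}'")
        self.supports[child].add(parent)

    def impacted_objectives(self, start):
        """Breadth-first walk up the 'supports' edges from any entity; returns each
        business objective that depends on it, with one path that reaches it."""
        paths, seen, queue = {}, {start}, deque([(start, [start])])
        while queue:
            node, path = queue.popleft()
            if self.kind[node] == "Objective":
                paths[node] = path
                continue
            for parent in self.supports[node]:
                if parent not in seen:
                    seen.add(parent)
                    queue.append((parent, path + [parent]))
        return paths

    def objective_exposure(self):
        """Total vulnerability severity beneath each objective: an IT finding
        restated as a number against a business goal."""
        exposure = defaultdict(float)
        for vuln, score in self.severity.items():
            for objective in self.impacted_objectives(vuln):
                exposure[objective] += score
        return dict(exposure)

    def unmitigated_risks(self):
        """Risks with no control linked to them: the gap an audit would flag."""
        covered = set().union(*self.mitigates.values())
        return sorted(r for r, k in self.kind.items() if k == "Risk" and r not in covered)

def build_sample_model():
    """Constructed model of the slides' 'complex example' retailer."""
    m = RiskModel()
    for name, kind in [
        ("Grow online revenue", "Objective"), ("Keep stores trading", "Objective"),
        ("E-commerce", "Department"), ("Retail Ops", "Department"),
        ("Online order fulfilment", "Process"), ("In-store sales", "Process"),
        ("Web storefront", "Application"), ("EPOS", "Application"),
        ("web-01", "Infrastructure"), ("pos-gw", "Infrastructure"),
        ("Card processor", "ThirdParty"), ("Network segmentation", "Control"),
        ("Card data breach", "Risk"), ("Store outage", "Risk"),
    ]:
        m.add(name, kind)
    m.add("web-01: outdated TLS library", "Vulnerability", severity=7.5)
    m.add("pos-gw: default admin password", "Vulnerability", severity=9.8)
    for child, parent in [
        ("web-01: outdated TLS library", "web-01"), ("pos-gw: default admin password", "pos-gw"),
        ("web-01", "Web storefront"), ("pos-gw", "EPOS"),
        ("Web storefront", "Online order fulfilment"), ("EPOS", "In-store sales"),
        ("Card processor", "Online order fulfilment"), ("Card processor", "In-store sales"),
        ("Online order fulfilment", "E-commerce"), ("In-store sales", "Retail Ops"),
        ("E-commerce", "Grow online revenue"), ("Retail Ops", "Keep stores trading"),
    ]:
        m.link(child, parent)
    m.mitigates["Network segmentation"].add("Card data breach")
    return m

if __name__ == "__main__":
    model = build_sample_model()
    for vuln in model.severity:
        for path in model.impacted_objectives(vuln).values():
            print(" -> ".join(path))
    print("exposure per objective:", model.objective_exposure())
    print("risks without a control:", model.unmitigated_risks())
```

Two design points carry the slides’ argument. The type check in link() is the “common language” the deck asks for: a relationship that skips a layer is rejected at entry rather than discovered during reporting. And the third party supporting two processes shows why the model has to be a graph rather than a per-team sheet: a single supplier outage surfaces against both business objectives without anyone copying rows between registers.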
Step 3: Realise
[Chart: tooling options plotted by ability to change against ability to handle complexity: Pen & Paper, Excel, DMS, Custom Program, GRC Technology]
Who am I?
I have over 16 years’ experience in IT, mobile
technology and software development. I have spent the
last seven years specializing in governance, risk, and
compliance (GRC). After just six months in the industry, I
received a platinum-level excellence award for my work
around risk bow-tie modeling, Solvency 2 and Basel 3.
Now focusing primarily on operational risk, I have
analyzed, designed and implemented GRC technology
into 60 companies, including some of the largest and
most complex environments. My experience spans
multiple sectors, including telecommunications,
aviation, pharmaceuticals, manufacturing, retail, public
sector, financial services and insurance.
Alex Hollis - VP, GRC Services
Thank you
www.surecloud.com
