“This summer’s IT meltdown at RBS damaged public confidence in Britain’s banks, which should all now be checking their systems to make sure that such a failure cannot be repeated,” says Treasury Committee chairman Andrew Tyrie MP. – Finextra 5th September 2012. Finextra go on to suggest that many more similar occurrences are likely.
Stay current on your favourite topics
In practice, there are wildly differing approaches between banks towards application availability and operational risk for IT platforms, from the comprehensive, application by application assessment programs to a belief that general BCP /DR planning will provide sufficient cover.
BCP / DR planning is not enough alone. Many banks need more proactive programs focused on platform availability to identify potential causes of issues rather than just focusing on how to deal with them post-occurrence.
Citihub recommends a two tier approach which is working well for some of our proactive clients, especially those focused on availability of single dealer platforms in capital markets:
- A top-down, cross divisional, self-certification program aimed at identification of common weaknesses in design, operational practices and IT general controls. This is best done in conjunction with BCP and SOX reporting.
- Targeted deep dives on specific platforms that present a higher risk (either through known issues or scale of exposure). These should cover architecture, design, configuration currency, usage, operational processes and capacity management.
Citihub welcome’s Tyrie’s comments and increased focus from the FSA in the hope that it provides more momentum for application managers looking for budget to control legacy environments.