IT Control Objectives for Basel II
Speaker:
Rolf von Roessing, CISA, CISM
Partner, KPMG, Germany
Financial services organisations are facing new challenges presented by the Second Capital Accord defined by the Basel Committee on Banking Supervision, colloquially known as Basel II. The accord builds on an evolving framework for managing risk in financial services transactions. Although Basel II is aimed at financial institutions, there is value in understanding security risk management within the context of operational risk, as it strengthens the link between the business and information security. Operational and information risk management and IT controls are essential to good corporate governance.
This workshop, based on the ITGI publication IT Control Objectives for Basel II, provides a framework for managing operational and information risk in the context of Basel II. It addresses three operational and information risk target groups - information risk managers, IT practitioners and financial services experts. In applying the framework presented in this workshop, financial services organisations are able to apply recognised processes and controls to the IT space. The IT control objectives and management processes outlined address the role of information technology in operational risk. The participant will receive a copy of the ITGI publication as part of the course material.
Who Should Attend:
- Information risk managers
- IT practitioners
- Financial services experts
Symposium Topics:
- Governance, risk management and compliance
- The evolving regulatory landscape
- The Basel II approach to managing risk
- The need to manage operational risk
- A framework for operational risk management
- Operational risk principles and IT relevance
- Managing information risks
- IT guiding principles
- IT Control Objectives for Basel II
- The relationship of business processes from IT risks to IT controls
- How to apply the Control Objectives for Information and related Technology (COBIT) framework to manage IT risks and controls
- The use of key IT risk indicators
Symposium Highlights:
Part I—Governance, Risk and Compliance Framework and Regulatory Landscape
Discuss basic terminology and concepts including the convergence of compliance, risk management and governance, and examine the evolving governance, risk and compliance (GRC) framework in an international context. Learn about Basel II as a GRC exercise in financial services and what the international regulatory initiatives mean for information technology. Explore the financial services regulatory landscape and how it relates to information technology. An interactive session on how to handle increasing GRC demands will conclude this portion of the programme.
Part II—Basel II, Operational Risk, Principles and Requirements
Focus on Basel II risk types by examining market, credit and operational elements of the risk management universe. Learn about operational risk and why it is necessary to have a strong IT focus. Discuss direct and indirect relevance and IT impacts vs. IT-induced impacts. Explore principles and requirements for operational risk and methods of aligning them with the IT universe. This portion of the programme concludes with an interactive session on how to link information technology to operational risk.
Part III—Information Risk, IT Guiding Principles, Control Framework
Learn about information risk, a special category of risk that is rarely understood. Discuss how to translate the Basel II operational risk principles to information risk, identify IT guiding principles, be introduced to a comprehensive IT risk management framework, examine risk scenarios in information technology and participate in an interactive session on how to manage them.
Part IV—Applying the COBIT Framework
Map the IT risk scenarios introduced in Part III to the COBIT control processes. Discuss IT control categories and lines of defence, examine how to complete the IT controls framework and learn about key risk indicators. Complete a ‘big picture’ understanding by linking operational risk and overall risk. An interactive session on applying the IT controls framework to your organisation will conclude the programme.
Prerequisites:
The participant should have at least three years of IT experience or equivalent knowledge and be familiar with terminology, approaches, methodologies and techniques to manage the IT environment. Managerial experience will be helpful for this session.