Particle Swarm Optimization: Technique, System and Challenges
Information System Challenges
Information System Challenges: Managing Governance, Risks, and Compliance
Prof. Richardus Eko Indrajit
Banking Industry
• The introduction of the new concept of banking that is driven by technology enhancement:
  • Internet Banking
  • Mobile Banking
  • Virtual Banking
  • Phone Banking
  • E-Banking to I-Banking
  • Digital Kiosks
  • E-Money and Digital Cash
  • Smart Cards
Business Characteristics
• Volume of transactions
• Velocity of interactions
• Variant of products/services
• Veracity of data/information
• Vulnerability of channels
• Viscoelasticity of profiles
• Variability of resources
• Vibration of stakeholders
Risks Analysis
• Many VULNERABILITIES
• Easily EXPLOITED
• By INCREASINGLY SOPHISTICATED methods
• Using tools that are INCREASINGLY EASY to use
• And can be carried out by ANYONE
About GRC Trend
• These areas of activity are progressively being more aligned and integrated to improve enterprise performance and delivery of stakeholder needs
• Governance — exercise of authority; control; arrangement
• Risk — management of hazard; danger; peril; exposure to loss, injury, or destruction
• Compliance — the act of complying; a yielding; as to a desire, or concession
Banking Business
• Driven and enabled by the massive use of information technology
• “The network is the bank” core philosophy
• Information becomes the most valuable asset and resource
• Digitalisation of products and services
• The need for effectiveness, efficiency, and control
Problem at Night
PRISON ???
DATA ???
COMPLAINTS ???
NETWORK ???
HACKERS ???
HIGH COST ???
FAIL PROJECTS ???
DATA LOSS ???
Good Practices
• Open Compliance and Ethics Group (OCEG)
• Control Objectives for Information and Related Technologies (COBIT)
The Values of GRC
• GRC Capability Model as good practices to be adopted within enterprise/organisation
The Design of GRC
• Every domain of the eight integrated components has important aspects to be ruled
IT for GRC Principles
• Integration – It is unlikely a single application can enable all GRC activities. Create a “GRC Backbone” of integrated parts
• Simplification – Simplify the architecture and use common components to enable multiple risk areas
• Reuse – Leverage existing investments and only buy when you must
• Automation – For repetitive or complex tasks, but sometimes human judgment is required
• Information – Sharing information about performance, risks, controls, incidents and resolution is fundamental to GRC. The ability to analyze this information alongside business information is the essence of GRC
The IS/IT Nine Arenas
1. Assurance and Audit Management
2. Business Intelligence
3. Business Process Management
4. Corporate Governance
5. Enterprise Content Management
6. Enterprise Resource Management
7. Enterprise Risk Management
8. Human Resources Management
9. Security Management
Integration is a Key
• GRC refers to taking an integrated, enterprise-wide approach to Governance, Risk Management, and Compliance:
  • Governance – The Board of Directors’ and management’s structures, policies, processes, and controls that focus on long-term value through the ethical, equitable, efficient, and effective operation of the business
  • Risk Management – An organization’s systematic process to identify, assess, manage, and monitor upside and downside risks to the business
  • Compliance – An organization’s process to demonstrate its employees’ and agents’ adherence to policies and procedures, laws, and regulations
• GRC is transformational and addresses the people, process, and technology enhancements required to achieve risk intelligence
GRC Responsibilities
• All CxOs have strategic roles and responsibilities for GRC requirements and practices
Bottom Line
Why does a car have BRAKES ??? The car has BRAKES so that it can go FAST … !!!
Why should we have regulation?
Why should we establish institutions?
Why should we collaborate with others?
Why should we agree upon mechanisms?
Why should we develop procedures?
Why should we have standards?
Why should we protect our safety?
Why should we manage risks?
Why should we form response teams?