Consulting and audit on 716-P

Subtle work at the intersection of risk management, IT and IS

716-P requires companies to account for their operational risk level as well as to manage it. The level is used not only for calculating bank service costs, but also for reassessing capital adequacy requirements.

Information security risks and information system risks are part of operational risk and as such are reviewed in detail within the regulation. However, IS and IT risks are traditionally difficult to integrate with business processes and even more difficult to assess.

The higher the risk of a bank's IT system being down or hacked into, the higher the operational risk level and the higher the capital adequacy requirements, and hence the higher the total cost of the bank's operation.

Careful management of the operational risk level allows a bank to lower its capital adequacy requirements and gain a competitive advantage.

Compliance might require:

Quantitative assessment of IS and IT risks

Qualitative assessment of IS and IT risks

Expert evaluation of the financial impact of IS and IT risks

Audit for compliance with the regulation

Description of data collection processes and automation of work with the event database

Enhancement of the IS system to lower potential negative impact