Consulting and audit on 716-P

Subtle work at the intersection of risk management, IT and IS

The regulation requires the level of operational risk to be taken into account and managed. This level is used not to calculate the cost of the bank's services, but to reassess capital adequacy requirements.

Information security risks and information system risks are part of operational risk and as such are covered in detail in the regulation. However, IS and IT risks are traditionally difficult to integrate with business processes and even more difficult to assess.

The higher the risk of a bank's IT system being down or hacked, the higher the operational risk level and the higher the capital adequacy requirements, and hence the higher the total cost of the bank's operation.

Careful management of the operational risk level allows a bank to lower its capital adequacy requirements and gain a competitive advantage.

Compliance might require:

Quantitative assessment of IS and IT risks

Qualitative assessment of IS and IT risks

Expert evaluation of the financial impact of IS and IT risks

Audit for compliance with the regulation

Description of data collection processes and automation of work with the event database

Enhancement of the IS system to reduce potential negative impact