Management of Computer Risks for Senior Management
The application of computer and telecommunication technology is currently a widespread phenomenon in the financial industry. The trend towards increasing automation is likely to continue for many years. The success of an organization will thus depend to a considerable degree on the quality of its computer and telecommunication systems, and the extent to which it develops these systems to match the evolving needs of its business and its customers. Deficiencies in security and control procedures within those systems can pose a significant threat to the continuity of operations.
The purpose of this memorandum is to provide Senior Management with a firm basis for an evaluation of the risks inherent in the use of computer technology and to increase Senior Management's awareness of the general control elements that may be effective in safeguarding the institution's operations against such risks. The memorandum is also an aid in identifying the automation-related risks that threaten the effectiveness and continuity of an institution's operations and in understanding their potential consequences, which might be as extreme as prolonged closure.
This memorandum is not aimed at addressing all the detailed questions that are relevant to computer security and control in every installation, and so will not necessarily identify all vulnerabilities which may exist. The subject is technically complex, and in each institution there are considerable variations in vulnerabilities and control techniques among different types of systems and equipment. Use of the memorandum cannot replace a detailed review by a computer security audit specialist, whether in-house or external. However, by focusing on those controls which can make the greatest contribution to protecting operations, the memorandum provides a firm basis for a global evaluation of the computer security and control procedures in the electronic data processing environment of an institution.
This memorandum presents, in a policy framework, a general introduction to the nature of business risks resulting from the use of computer and telecommunication systems. It describes the types of control which can be used to minimize potential risks and to ensure that systems are reliable and meet the needs of their business.
Throughout this memorandum, the term "institution" is frequently used as shorthand for supervised financial institutions (Commercial Banks, International Banks, Insurance Companies, Pension Funds, Credit Unions and Thrift Funds), and the general term "computer" is used for a computer, microcomputer or telecommunication system, including the applications being used.
Last updated 09.05.2011 14:47