Are You Thinking about IT Outsourcing? Top Reasons, Risks and Rewards
IT Outsourcing Risks In Financial Sector
Uploaded by: ukngroupltd
Category: Business
Transcript of IT Outsourcing Risks In Financial Sector
6 Risks To Address When Outsourcing IT In The Banking Sector
Before outsourcing IT, it is vital that all parties understand the potential risks involved, specifically in the banking sector.
With this understanding, client and provider can take precautions to mitigate any risk.
ASSESSING RISK AND MITIGATING AGAINST IT
Risk Assessment
The working group on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds has suggested the following three steps to mitigate risks:
• Identification of the role of outsourcing in the overall business strategy and objectives aligned with corporate strategic goals.
• Comprehensive due diligence on the nature, scope and complexity of the outsourcing to identify the key risks and risk mitigation strategies – such as security practices and environment control of the service provider.
• Analysis of the impact of such arrangement on the overall risk profile of the bank and whether adequate internal expertise and resources exist to mitigate the risks identified.
Risk #1 – STRATEGIC RISK
Business conduct of the service provider can be against the strategic goals of the bank.
Solution: assess the IT Outsource Service Provider for the following:
• Business reputation and culture, compliance, complaints and outstanding or potential litigations,
• External factors like political, economic, social and legal environment of jurisdiction in which the service provider operates and other events that may impact on the strategic goals of the bank.
Risk #2 – REPUTATION RISK
Poor services of the service provider could be harmful to the reputation of the bank and will harm customer relationships.
Solution: assess the IT Outsource Service Provider for the following:
• Past experience and competence to implement and support proposed activities over the contractual period,
• Financial soundness and ability to service commitments even under adverse conditions,
• Employee training, knowledge transfer,
• Reliance on and ability to deal with sub-contractors.
Risk #3 – OPERATIONAL RISK
Technology failure, inadequate infrastructure or any error in providing IT services by the service provider.
Solution: assess the IT Outsource Service Provider for the following:
• Past experience and competence to implement and support proposed activities over the contractual period,
• Security and internal control, audit coverage reporting and monitoring environment, business continuity management,
• Risk management, framework, alignment to applicable international standards on quality / security / environment, etc., may be considered,
• Secure infrastructure facilities.
Risk #4 – LEGAL RISK
Potential for non-compliance with privacy, consumer and prudential law.
Solution: assess the IT Outsource Service Provider for the following:
• Business reputation and culture, compliance, complaints and outstanding or potential litigations,
• Security and internal control, audit coverage reporting and monitoring environment, business continuity management,
• Due diligence for sub-service providers,
• Risk management, framework, alignment to applicable international standards on quality / security / environment, etc.
Risk #5 – COUNTRY RISK
Risk due to the political and social climate in the country in which the service is outsourced.
Solution: assess the IT Outsource Service Provider for the following:
• External factors like political, economic, social and legal environment of jurisdiction in which the service provider operates and other events that may impact service performance,
• Secure infrastructure facilities,
• Employee training, knowledge transfer,
• Reliance on and ability to deal with sub-contractors.
Risk #6 – CONTRACTUAL RISK
Risks related to compliance with the terms of the contract between service provider and the bank.
Solution: assess the IT Outsource Service Provider for the following:
• Financial soundness and ability to service commitments even under adverse conditions,
• Security and internal control, audit coverage reporting and monitoring environment, business continuity management,
• Due diligence for sub-service providers,
• Employee training, knowledge transfer,
• Reliance on and ability to deal with sub-contractors.
DUE DILIGENCE
Proposals submitted by service providers should be evaluated in the light of the organisation’s needs, and any differences in the service provider proposals as compared to the solicitation should be analysed carefully.
To assess the capability of the service provider to comply with the outsourcing agreement, it is important to carry out due diligence. Due diligence should involve an evaluation of all information about the service provider, including qualitative, quantitative, financial, operational and reputational factors.
While there are clear benefits in outsourcing IT services to an external provider, risk evaluation is fundamental and you should expect any IT service provider to be focussed on this.
With the right IT service provider, a bank can enhance its operational efficiency by increasing its ability to acquire and support current technology, and allow management to focus on key management functions – such as better customer service and other core services.
Are you ready to outsource your IT requirement?