Initial Due Diligence of Information Technology as Risk


SLIDE 1

CAiSE-DC08, Montpellier, June 17th 2008 ver.:1.0

M.Sc. Boštjan DELAK, CISA

Nova Ljubljanska banka d.d., Ljubljana Šmartinska 130, 1520 Ljubljana, Slovenia (SVN)

mentor: dr. Marko BAJEC

University of Ljubljana, Faculty of Computer and Information Science Tržaška 25, 1000 Ljubljana, Slovenia (SVN)

Initial Due Diligence of Information Technology as Risk Identification before Capital Investment in Finance Industry

SLIDE 2

Slovenia (SVN)

SLIDE 3

Student’s Introduction - Boštjan Delak

  • M.Sc. - 1985 – “Man Machine Communication in Automatically Controlled Production Processes”
  • B.Sc. - 1982 – “Semiconductor Elements Models in Programs SPICE 1 and SPICE 2”
  • Employed in Nova Ljubljanska banka, d.d. (NLB) Ljubljana, SVN
    • www.nlb.si
    • biggest Slovenian Financial Group
    • Senior Advisor to Chief Information Officer
  • More than 26 years of IT experience:
    • NLB, IBM Slovenia, Intertrade - IBM Representative, ISKRA Avtomatika
  • Member of:
    • ISACA (CISA), Slovenian Auditor Association and Slovenian Informatics Association

SLIDE 4

Objectives of the presentation

  • Present my thesis
  • Present universal initial information technology due diligence framework
  • Introduce the current situation and future plans
  • Get feedback, comments, directions, hints and new ideas for improvements and further work

SLIDE 5

Agenda

  • Description of Science Area and Related Problems
  • Motivation
  • Related Work
  • Research Proposal
  • Research Approach
  • Case Studies
  • Expected Scientific Contribution
  • Conclusions
  • Questions & Answers

SLIDE 6

Description of Science Area and Related Problems

  • IT due diligence
    • Objectives
  • Initial IT due diligence
    • Objectives
    • Types
  • Initial IT due diligence and IT audit comparison
  • Initial IT due diligence as IS research

SLIDE 7

Motivation

  • No broadly used worldwide IT due diligence frameworks
  • Define the most appropriate concept of the framework
  • Prove it by verification in independent (financial or other) institutions / company

SLIDE 8

Related Work

List of several methods, models, frameworks, best practices and standards:

  • BCM (Business Continuity Management) Analysis
  • COBIT (Control Objectives for Information and Related Technology)
  • CMM (Capability Maturity Model)
  • INFAUDITOR
  • ITADD (Information Technology Assessment Due Diligence Framework)
  • IT BSC (Information Technology Balanced Score Cards)
  • ITIL (Information Technology Infrastructure Library)
  • IS Risk Assessment

SLIDE 9

Related Work (Continued)

List of several methods, models, frameworks, best practices and standards (continued):

  • Val IT
  • NLB Method
  • Others

List of research papers’ authors:

  • S. Alter (several articles);
  • M. Bajec;
  • I. Benbasat and R.W. Zmud;
  • W.H. DeLone and E.R. McLean;
  • S. Gregor;
  • A. Hevner, S. March, J. Park, S. Ram;
  • H.K. Klein and M.D. Myers;
  • B. Kitchenham;
  • A.S. Lee and R.L. Baskerville;
  • J.W. Orlikowski and S.R. Barley;
  • J.W. Orlikowski and C.S. Iacono;
  • S.A. Sherer and S. Alter;
  • P.B. Seddon, S. Staples, R. Patnayakuni and M. Bowtell;
  • V. Vaishnavi and W. Kuechler;
  • R.W. Zmud;

SLIDE 10

Related Work (Continued) – NLB Method

NLB method – basis for IT due diligence framework

  • Description
  • Phases
  • Tools / Questionnaires
  • Reports

Comparison with Work System Framework

Frameworks IS Risk Based IS Success

SLIDE 11

Research Proposal

  • Most convenient basis:
    • ITADD
    • NLB Method
  • Create initial IT due diligence framework based on:
    • Experiences within NLB (Model),
    • Best practices
    • Work System Framework (Alter’s)
  • Compare it with scientific research
  • Verify it on real case studies

SLIDE 12

Research Approach

  • Based on NLB method
  • Proven in many initial and general IT due diligences (see Case Studies)
  • Basis for universal IT due diligence framework
  • Prototype tools will be developed for:
    • Draft action plans
    • Draft questionnaires
    • Draft spreadsheets with macros (for questionnaires’ analysis)
    • Draft reports
  • Framework will be documented
  • Framework will be tested and proven as universal framework which could be used almost everywhere

SLIDE 13

Case Studies

Current database:

  • More than 15 initial IT due diligences
  • More than 10 IT due diligences
  • In finance industry (banks and other financial institutions)
  • Within 15 countries in Central and South-Eastern Europe
  • Time period (1998 – 2008)

Future plans:

  • Prove and verify framework in other areas (e.g.: insurance companies, pension funds companies, broker companies, stock exchanges)
  • Time period (2008 – 2009)

SLIDE 14

Sample: “Treatment” of IT Strengths & Weaknesses Questionnaire

[Figure: questionnaire results chart, scale marked 5 and 10. Categories: IT Data Center (IS) Productivity; System Development; Staff in the IT Department; Quality of Existing System (Applications); Effective Use of Technology; Use of Advanced Technologies; Cooperation (IT : End Users); Security, Integrity and Data Protection; Top Management Perspective. Labels: Information Technology; End Users.]

SLIDE 15

Expected Scientific Contribution

IT Due Diligence Framework

  • Foundation of generic framework for practical approach to IT due diligences
  • Tool for identification and potential mitigation of the IS risk through due diligence
  • Tool for identification of IS success through due diligence
  • Tool for identification of the requested resources

SLIDE 16

Conclusions

  • IT Due Diligence is not a simple task
  • No worldwide used frameworks
  • Some limited methods, tools, standards, frameworks are available
  • NLB method as basis for Universal Initial IT Due Diligence (UITDD) Framework
  • Content of UITDD Framework will be:
    • Instructions, Plans, Questionnaires
    • Spreadsheet tools
    • Reports
  • Framework should be proven outside banking industry with case studies

SLIDE 17

After all …

“INITIAL INFORMATION TECHNOLOGY DUE DILIGENCE, IS ONLY ONE’S DUE DILIGENCE”

SLIDE 18

Questions & Answers

SLIDE 19

delak.bostjan@gmail.com / bostjan.delak@nlb.si

Thanks for your attention!