initial due diligence of information technology as risk
play

Initial Due Diligence of Information Technology as Risk - PowerPoint PPT Presentation

Nov 29, 2022 •324 likes •524 views

Initial Due Diligence of Information Technology as Risk Identification before Capital Investment in Finance Industry M.Sc. Botjan DELAK, CISA Nova Ljubljanska banka d.d., Ljubljana martinska 130, 1520 Ljubljana, Slovenia (SVN) mentor: dr.

  1. Initial Due Diligence of Information Technology as Risk Identification before Capital Investment in Finance Industry M.Sc. Boštjan DELAK, CISA Nova Ljubljanska banka d.d., Ljubljana Šmartinska 130, 1520 Ljubljana, Slovenia (SVN) mentor: dr. Marko BAJEC University of Ljubljana, Faculty of Computer and Information Science Tržaška 25, 1000 Ljubljana, Slovenia (SVN) 1/19 CAiSE-DC08, Montpellier, June 17th 2008 ver.:1.0

  2. Slovenia (SVN) 2/19 CAiSE-DC08, Montpellier, June 17th 2008 Boštjan DELAK ver.:1. 0

  3. Student’s Introduction- Boštjan Delak � M.Sc. - 1985 – “Man Machine Communication in Automatically Controlled Production Processes” � B.Sc. - 1982 – “Semiconductor Elements Models in Programs SPICE 1 and SPICE 2” � Employed in Nova Ljubljanska banka, d.d. (NLB) Ljubljana, SVN � www.nlb.si biggest Slovenian Financial Group � Senior Advisor to Chief Information Officer � More than 26 years of IT experiences: � NLB, IBM Slovenia, Intertrade - IBM Representative, ISKRA Avtomatika � Member of: � ISACA (CISA), Slovenian Auditor Association and Slovenian Informatics Association 3/19 CAiSE-DC08, Montpellier, June 17th 2008 Boštjan DELAK ver.:1. 0

  4. Objectives of the presentation � Present my thesis � Present universal initial information technology due diligence framework � Introduce the current situation and future plans � Get feedbacks, comments, directions, hints and new ideas for improvements and further work 4/19 CAiSE-DC08, Montpellier, June 17th 2008 Boštjan DELAK ver.:1. 0

  5. Agenda � Description of Science Area and Related Problems � Motivation � Related Work � Research Proposal � Research Approach � Case Studies � Expected Scientific Contribution � Conclusions � Questions & Answers 5/19 CAiSE-DC08, Montpellier, June 17th 2008 Boštjan DELAK ver.:1. 0

  6. Description of Science Area and Related Problems � IT due diligence � Objectives � Initial IT due diligence � Objectives � Types � Initial IT due diligence and IT audit comparison � Initial IT due diligence as IS research 6/19 CAiSE-DC08, Montpellier, June 17th 2008 Boštjan DELAK ver.:1. 0

  7. Motivation � No broadly used worldwide IT due diligence frameworks � Define the most appropriate concept of the framework � Prove it by verification in independent (financial or other) institutions / company 7/19 CAiSE-DC08, Montpellier, June 17th 2008 Boštjan DELAK ver.:1. 0

  8. Related Work � List of several methods, models, frameworks, best practices and standards: � BCM (Business Continuity Management) Analysis � COBIT (Control Objectives for Information and Related Technology) � CMM (Capability Maturity Model) � INFAUDITOR � ITADD (Information Technology Assessment Due Diligence Framework) � IT BSC (Information Technology Balanced Score Cards) � ITIL (Information Technology Infrastructure Library) � IS Risk Assessment 8/19 CAiSE-DC08, Montpellier, June 17th 2008 Boštjan DELAK ver.:1. 0

  9. Related Work (Continue) � List of several methods, models, frameworks, best practices and standards (continue): � Val IT � NLB Method � Others � List of research papers’ authors: � S. Alter (several articles); M. Bajec; � I. Benbasat and R.W.Zmud; W.H. DeLone and E.R. McLean; � S. Gregor; A. Hevner, S.March, J.Park, S.Ram, � H.K. Klein and M.D. Myers; B. Kitchenham; � A.S. Lee and R.L. Baskreville; J.W. Orlikowski and S.R. Barely; � J.W. Orlikowski and C.S. Iacono; S.A. Sherer and S. Alter; � P.B. Seddon, S. Staples, R. Patnayakuni and M. Bowtell; � V. Vaishnavi and W. Kuechler; R.W. Zmud; 9/19 CAiSE-DC08, Montpellier, June 17th 2008 Boštjan DELAK ver.:1. 0

  10. Related Work (Continue) – NLB Method � NLB method – basis for IT due diligence framework � Description � Phases � Tools / Questionnaires � Reports � Comparison with Work System Framework � Frameworks � IS Risk Based � IS Success 10/19 CAiSE-DC08, Montpellier, June 17th 2008 Boštjan DELAK ver.:1. 0

  11. Research Proposal � Most convenient basis: � ITADD � NLB Method � Create initial IT due diligence framework based on: � Experiences within NLB (Model), � Best practices � Work System Framework (Alter’s) � Compare it with science researches � Verify it on real case studies 11/19 CAiSE-DC08, Montpellier, June 17th 2008 Boštjan DELAK ver.:1. 0

  12. Research Approach Based on NLB method � Proven in many initial and general IT due diligences (see � Case Studies) Basis for universal IT due diligence framework � Prototype tools will be develop for : � Draft action plans � Draft questionnaires � Draft spreadsheets with macros (for questionnaires’ analysis) � Draft reports � Framework will be documented � Framework will be tested and proven as universal framework � which could be used almost everywhere 12/19 CAiSE-DC08, Montpellier, June 17th 2008 Boštjan DELAK ver.:1. 0

  13. Case Studies � Current data base: � More than 15 initial IT due diligences � More than 10 IT due diligences � In finance industry (banks and other financial institutions) � Within 15 countries in Central and South-Eastern Europe � Time period ( 1998 – 2008 ) � Future plans: � Prove and verify framework in other areas (e.g.: insurance companies, pension funds companies, broker companies, stock exchanges) � Time period ( 2008 – 2009 ) 13/19 CAiSE-DC08, Montpellier, June 17th 2008 Boštjan DELAK ver.:1. 0

  14. Sample: “Treatment” of IT Strengths & Weaknesses Questionnaire IT Data Center (IS) Productivity 10 Top Management Perspective System Development 5 0 -5 Security, Integrity and Data Protection Staff in the IT Department -10 Cooperation (IT : End Users) Quality of Existing System (Applications) Use of Advanced Technologies Effective Use of Technology Information Technology End Users 14/19 CAiSE-DC08, Montpellier, June 17th 2008 Boštjan DELAK ver.:1. 0

  15. Expected Scientific Contribution � IT Due Diligence Framework � Foundation of generic framework for practical approach to IT due diligences � Tool for identification and potential mitigation the IS risk through due diligence � Tool for identification IS success through due diligence � Tool for identification the requested resources 15/19 CAiSE-DC08, Montpellier, June 17th 2008 Boštjan DELAK ver.:1. 0

  16. Conclusions � IT Due Diligence is not simple task � No world wide used frameworks � Some limited methods, tools, standards, frameworks are available � NLB method as basis for Universal Initial IT Due Diligence (UITDD) Framework � Content of UITDD Framework will be: � Instructions, � Plans, � Questionnaires � Spreadsheet tools � Reports � Framework should be proven outside banking industry with case studies 16/19 CAiSE-DC08, Montpellier, June 17th 2008 Boštjan DELAK ver.:1. 0

  17. After all … “INITIAL INFORMATION TECHNOLOGY DUE DILIGENCE, IS ONLY ONE’S DUE DILIGENCE” 17/19 CAiSE-DC08, Montpellier, June 17th 2008 Boštjan DELAK ver.:1. 0

  18. Questions & Answers 18/19 CAiSE-DC08, Montpellier, June 17th 2008 Boštjan DELAK ver.:1. 0

  19. Thanks for your attention! delak.bostjan@gmail.com / bostjan.delak@nlb.si 19/19 CAiSE-DC08, Montpellier, June 17th 2008 ver.:1.0

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Environmental Due Diligence and Managing Environmental Risk Presented as part of the Law Society

Environmental Due Diligence and Managing Environmental Risk Presented as part of the Law Society

Environmental Due Diligence and Managing Environmental Risk Presented as part of the Law Society of Saskatchewans Seminar: Due Diligence and Legal Opinions (March 2016) Environmental Due Diligence: Why? Environmental due diligence and

576 views • 57 slides
Project Due Diligence Gaye Francis and Richard Robinson Directors R2A Due Diligence Engineers 1

Project Due Diligence Gaye Francis and Richard Robinson Directors R2A Due Diligence Engineers 1

Project Due Diligence Gaye Francis and Richard Robinson Directors R2A Due Diligence Engineers 1 Plan 1. Due Diligence vs Risk Management - exclusive reliance on RM Standard fatal 2. The Project Due Diligence Process 3. Case study: Class E Tram

323 views • 17 slides
CUS CUSTOME OMER R DUE DUE DILIGENCE DILIGENCE THE THE WHY WHY , , THE THE WHO WHO

CUS CUSTOME OMER R DUE DUE DILIGENCE DILIGENCE THE THE WHY WHY , , THE THE WHO WHO

CUS CUSTOME OMER R DUE DUE DILIGENCE DILIGENCE THE THE WHY WHY , , THE THE WHO WHO AND AND THE THE WHA WHAT What is Due Diligence? It means to exercise the necessary care to properly understand any situation that you may

404 views • 12 slides
Due Diligence To outline the concept of due diligence engineering particularly as it applies to

Due Diligence To outline the concept of due diligence engineering particularly as it applies to

Objective Due Diligence To outline the concept of due diligence engineering particularly as it applies to Engineering engineering design. Townsville Richard Robinson Regional Group 17th March 2015 The Plan 1. What is due diligence? 2.

219 views • 11 slides
Due Diligence 101: Private Equity Investing in Emerging Markets The due diligence challenges

Due Diligence 101: Private Equity Investing in Emerging Markets The due diligence challenges

Due Diligence 101: Private Equity Investing in Emerging Markets The due diligence challenges Jonathon Bond, Managing Partner & Adiba Ighodaro, Director Actis Executive Summary - Due Diligence in the Emerging Markets 1. Due diligence in

744 views • 39 slides
Implementing a Consistent and Efficient Third-Party Due Diligence Process Practical insight into

Implementing a Consistent and Efficient Third-Party Due Diligence Process Practical insight into

Implementing a Consistent and Efficient Third-Party Due Diligence Process Practical insight into technology deployment and review to ensure ongoing compliance Paul Hommes Risk & Compliance Specialist LexisNexis June 2016 Agenda

466 views • 43 slides
Technology Information 2013-2014 Teaching Digital Natives in the 21 st Century Tools for

Technology Information 2013-2014 Teaching Digital Natives in the 21 st Century Tools for

Technology Information 2013-2014 Teaching Digital Natives in the 21 st Century Tools for Schools Logging Into the Network Username default first initial middle initial last name (i.e. klallen) Initial password 12345 (must be

446 views • 25 slides
INFORMATION RISK MANAGEMENT PROGRAM Developing a Unit Risk Management Program Information

INFORMATION RISK MANAGEMENT PROGRAM Developing a Unit Risk Management Program Information

INFORMATION TECHNOLOGY SERVICES INFORMATION RISK MANAGEMENT PROGRAM Developing a Unit Risk Management Program Information Security & Privacy Office June 8, 2017 Version 1.5.7 Risk Management at Florida State University Risk assessments

549 views • 11 slides
INFORMATION RISK MANAGEMENT PROGRAM The Need for a Risk Management Program Information Security

INFORMATION RISK MANAGEMENT PROGRAM The Need for a Risk Management Program Information Security

INFORMATION TECHNOLOGY SERVICES INFORMATION RISK MANAGEMENT PROGRAM The Need for a Risk Management Program Information Security & Privacy Office June 8, 2017 Why Unit Risk Management Programs Are Important For the most part FSU has enjoyed

402 views • 9 slides
AIA and Patent Due Diligence Understanding the AIA Impact and Best Practices for the Due Diligence

AIA and Patent Due Diligence Understanding the AIA Impact and Best Practices for the Due Diligence

Presenting a live 90-minute webinar with interactive Q&A AIA and Patent Due Diligence Understanding the AIA Impact and Best Practices for the Due Diligence Process WEDNESDAY, MAY 29, 2013 1pm Eastern | 12pm Central | 11am Mountain

1.67k views • 133 slides
21 st Century Climate Change Due Diligence Focus on Operational Risk, Not Just Legacy Liabilities

21 st Century Climate Change Due Diligence Focus on Operational Risk, Not Just Legacy Liabilities

21 st Century Climate Change Due Diligence Focus on Operational Risk, Not Just Legacy Liabilities Client Question BCLPs long-standing client ExpandCo wants to acquire BullsEye Industries (BEI), a highly diversified company engaged in

405 views • 25 slides
Introducing the 13 th Code of Practice Due Diligence, Risk Assessment and Control May 2015

Introducing the 13 th Code of Practice Due Diligence, Risk Assessment and Control May 2015

Introducing the 13 th Code of Practice Due Diligence, Risk Assessment and Control May 2015 David Levitt Overview of Code 13 seminars Objectives of DDRAC seminar As a refresher for those who are experienced Introduce DDRAC to new

332 views • 20 slides
NHVR Transition Due Diligence Employee Information Session Todays session Provide an update

NHVR Transition Due Diligence Employee Information Session Todays session Provide an update

NHVR Transition Due Diligence Employee Information Session Todays session Provide an update on the NHVR transition Overview of due diligence reports and materials Overview of how the NHVR uses due diligence and next steps Opportunity for

781 views • 32 slides
Vendor Management and Due Diligence Programs James Mottola, MS, CISM, CPP Dr. Kim Miller, CFE

Vendor Management and Due Diligence Programs James Mottola, MS, CISM, CPP Dr. Kim Miller, CFE

Protecting Your Clients from Fraud: Vendor Management and Due Diligence Programs James Mottola, MS, CISM, CPP Dr. Kim Miller, CFE March 16, 2017 Components of Due Diligence Comprehensive Mid-Market Due Diligence Services Private Equity, Banks

486 views • 37 slides
FTC Warns Parties on Information Exchanges During M&A Due Diligence In Short The Situation :

FTC Warns Parties on Information Exchanges During M&A Due Diligence In Short The Situation :

FTC Warns Parties on Information Exchanges During M&A Due Diligence In Short The Situation : The Federal Trade Commission ("FTC") recently published a blog post reminding merging parties to avoid creating antitrust liability through

278 views • 4 slides
SAFETY CASE - The Role of Contractual Due Diligence Specifications for an Engineering Project.

SAFETY CASE - The Role of Contractual Due Diligence Specifications for an Engineering Project.

SAFETY CASE - The Role of Contractual Due Diligence Specifications for an Engineering Project. Townsville Regional Group Geoff Hurst 0426 881 322 ghurst10@live.com Background Need for a new approach Risk Management in the construction,

2.1k views • 193 slides
Environmental Due Diligence PRESENTER Adam Zebrowski LaBella Associates Director of

Environmental Due Diligence PRESENTER Adam Zebrowski LaBella Associates Director of

Environmental Due Diligence PRESENTER Adam Zebrowski LaBella Associates Director of Environmental Due Diligence/ Proj ect Manager What Does an Environmental assessment primarily evaluate? The presence or likely presence of hazardous

604 views • 23 slides
Dont collect personal information you dont need. Hold on to information only as long as you

Dont collect personal information you dont need. Hold on to information only as long as you

Dont collect personal information you dont need. Hold on to information only as long as you have a legitimate business need. Dont use personal information when its not necessary. Restrict access to sensitive data. Limit

655 views • 34 slides
Fluxys Belgiums experience in REMIT Pilot Project 11/12/2014 ENTSOG Transparency Workshop

Fluxys Belgiums experience in REMIT Pilot Project 11/12/2014 ENTSOG Transparency Workshop

Fluxys Belgiums experience in REMIT Pilot Project 11/12/2014 ENTSOG Transparency Workshop CONTEXT Remit (Regulation on Energy Market Integrity and Transparency) Purpose: monitor wholesale energy markets to foster open and fair

541 views • 18 slides
University of South Florida Board of Trustees Workgroup for Research, Innovation, Engagement &

University of South Florida Board of Trustees Workgroup for Research, Innovation, Engagement &

University of South Florida Board of Trustees Workgroup for Research, Innovation, Engagement & Job Creation Drema Howard, PhD Director, Career Services Career Services Helps Students Choose a career and match it to a major Individual

319 views • 9 slides
EO Ground Segment Evolution Reflections by EOX IT Services GmbH, Stephan Meil & Gerhard

EO Ground Segment Evolution Reflections by EOX IT Services GmbH, Stephan Meil & Gerhard

EO Ground Segment Evolution Reflections by EOX IT Services GmbH, Stephan Meil & Gerhard Triebnig Workshop 2015, 24 th September 2015 ESA/ESRIN Frascati Company Profile http://eox.at Expertise and activities relevant for future EO

385 views • 5 slides
Dr. Helen Oesterheld, Composition Task Force Chair Dr. Siskanna Naynaha, WAC Coordinator

Dr. Helen Oesterheld, Composition Task Force Chair Dr. Siskanna Naynaha, WAC Coordinator

Assessment-based curriculum reform and response to EO 1110 Dr. Helen Oesterheld, Composition Task Force Chair Dr. Siskanna Naynaha, WAC Coordinator Department of English Overall performance rating Spring 2016 Composition courses 80-85% pass rate

222 views • 6 slides
KES: Knowledge Enabled Services for better EO Information Use Andrea Colapicchioni Advanced

KES: Knowledge Enabled Services for better EO Information Use Andrea Colapicchioni Advanced

KES: Knowledge Enabled Services for better EO Information Use Andrea Colapicchioni Advanced Computer Systems Space Division a.colapicchioni@acsys.it The problem During the last decades, the satellite image catalogues have stored huge

425 views • 31 slides
Overview of Governor Coopers Executive Order No. 80: NCs Commitment to Address Climate

Overview of Governor Coopers Executive Order No. 80: NCs Commitment to Address Climate

Overview of Governor Coopers Executive Order No. 80: NCs Commitment to Address Climate Change and Transition to a Clean Energy Economy Secretarys Environmental Justice and Equity Advisory Board May 22, 2019 Charlotte, North Carolina

646 views • 17 slides

More recommend