An ICT Risk Management Must For Banks

The challenge for IT organisations today is to improve their services while simultaneously reducing the costs they incur, a challenge usually met with the continuous service improvement approach. This approach has two steps: (1) assess the maturity of the key ITIL processes to identify areas for improvement and (2) enhance the functionalities of the supporting ITSM platform.

However, improving ITIL processes should not be an individual exercise for each process (incident management, problem management, change management, etc.) but should be done holistically. To be successful, process improvement initiatives take into account interactions between individual processes, as well as the availability of accurate information on managed IT assets.

This is where a configuration management database (CMDB) comes into play. A CMDB is a data repository whose main function is to keep track of IT assets, their individual configurations, and the dependencies between them (for example, the link between business applications and underlying infra components—virtual servers, physical servers, network devices, etc.)

Although a robust CMDB is instrumental on the process improvement journey, its real benefits (and business case) extend beyond IT performance services: it can help reduce the overall risk exposure of the bank. As we've seen in recent advisory engagements on improving IT processes, many organisations have limited visibility on the impact of IT changes due to a low quality (or just inexistent) CMDB.

Some estimated figures to illustrate this: 60% of service unavailability is due to inconsistently configured data; 80% of unplanned outages are caused by unplanned changes.

CMBDs thus remain vital for any financial organisation, as they can mitigate risks related to:

misspecification or erroneous transition of complex changes within projects, which might put the target achievements at risk insufficient quality of changes and thus of the overall change process, which might threaten other elements of the IT systems and restrict their availability An accurate CMDB will allow organisations to see the impacts of changes on other IT assets and to ensure full predictability of the changes by preventing collateral damage.

Just to reinforce the message above, the existence of the CMDB is now seen by the European Central Bank (ECB) as a critical element for a better management of ICT risks1 and IT operations. In particular, the ECB sent an IT questionnaire to...