A world class IT organization needs to be better than even the regulators require – and good IT governance doesn't have to tie the IT department up in red tape. Judicious application of IT best practices, frameworks and methodologies can help achieve this, based on an accurate picture of the IT environment, at which point regulatory compliance becomes a happy side effect. By reading this white paper, find out how you can have an up-to-date, true view of your infrastructure on a daily basis, not just at a point in time.
ROGUE IT - COMPLIANCE AND GOVERNANCE OF IT IN THE CAPITAL MARKETS
A Tideway white paper based on research performed by Expand Consulting on behalf of Tideway
INTRODUCTION

Lack of effective internal controls in the financial sector has had catastrophic effects in the past - Nick Leeson, a high performing trader, managed to bring down Barings - one of Britain's oldest and most respected banks - by cleverly covering up trading losses, until they reached an unsustainable £850M. Barings collapsed, and was subsequently purchased by ING for £1. Events like the Barings example have led to regulators demanding better business governance across the financial sector. As the Capital Markets are ever more reliant on IT systems, these regulations apply as much to IT as the business.

To date, most IT compliance efforts have focused on the data - the most obvious place to start. However, infrastructure failures have the capacity to take a bank out of the market for significant periods of time, generating huge potential losses. The IT blackouts that appear in the papers are only the tip of the iceberg - as the agility required of the IT department is often achieved at the cost of stability and many near-misses occur every day unreported. How long can it be before a catastrophic failure of a major bank occurs due to poor IT infrastructure governance?

A world class IT organisation needs to be better than even the regulators require - and good IT governance doesn't have to tie the IT department up in red tape. Judicious application of IT best practices, frameworks and methodologies can help achieve this, if based on an accurate picture of the IT environment, at which point regulatory compliance becomes a happy side effect.

The following research findings were the result of a survey of the top ten global investment banks conducted by Expand Consulting on behalf of Tideway Systems, in order to gain a clearer understanding of their priorities and the real impact that today's focus on compliance has, without the hype.

CURRENT IT GOVERNANCE PRACTICES

Complementary methodologies, frameworks and practices such as ITIL and Six Sigma are used to help dr...

The main drivers for gaining a deep understanding of a bank's infrastructure are currently for cross charging services back to the business or cost reduction programs, such as data centre consolidation. Expand's research indicated that compliance requirements came below total cost of ownership (TCO) and cross-charging projects as drivers for capture of IT infrastructure data.

However, regulations now compel IT organizations to have a much more detailed and real-time handle on the application, data base, hardware and network infrastructure layers or fabric, and the dependencies between them than ever before.

Most IT organisations at some point in time map out their infrastructure and hold that system map in something like Visio and/or Excel. They may also create a database of the application structure or an inventory of assets, as well as using various technology specific domain managers. Most firms researched by Expand have not gone as far as implementing something along the lines of the IT Infrastructure Library's configuration management database (CMDB) to capture the data, with only 20% of firms polled actively engaged in a CMDB project. This suggests it is still early days for company-wide IT configuration management projects, in spite of compliance pressures.

Any attempt to capture the infrastructure fabric and superstructure dependencies usually occurs to support a particular project, such as the implementation of a new front office trading system or a new intra-day risk reporting process that might require a grid or compute farm. However the data captured in these exercises, which typically take a minimum of 3 months, whilst useful, is only a snap-shot in time. This is not only costly in terms of either external consultancies or internal FTEs, but the data derived by these initiatives is out of date virtually as soon as it is mapped.

Traditional asset management tools such as Remedy Asset Management or Peregrine AssetCenter do provide some relevant data, however they are far from complete when the requirements of the regulations are examined.