
Initial Due Diligence of Information Technology as Risk - PowerPoint PPT Presentation



  1. Initial Due Diligence of Information Technology as Risk Identification before Capital Investment in Finance Industry
     - M.Sc. Boštjan DELAK, CISA, Nova Ljubljanska banka d.d., Ljubljana, Šmartinska 130, 1520 Ljubljana, Slovenia (SVN)
     - mentor: dr. Marko BAJEC, University of Ljubljana, Faculty of Computer and Information Science, Tržaška 25, 1000 Ljubljana, Slovenia (SVN)
     - 1/19 CAiSE-DC08, Montpellier, June 17th 2008 ver.:1.0

  2. Slovenia (SVN)

  3. Student’s Introduction - Boštjan Delak
     - M.Sc. - 1985 – “Man Machine Communication in Automatically Controlled Production Processes”
     - B.Sc. - 1982 – “Semiconductor Elements Models in Programs SPICE 1 and SPICE 2”
     - Employed in Nova Ljubljanska banka, d.d. (NLB) Ljubljana, SVN
     - www.nlb.si biggest Slovenian Financial Group
     - Senior Advisor to Chief Information Officer
     - More than 26 years of IT experience:
       - NLB, IBM Slovenia, Intertrade - IBM Representative, ISKRA Avtomatika
     - Member of:
       - ISACA (CISA), Slovenian Auditor Association and Slovenian Informatics Association

  4. Objectives of the presentation
     - Present my thesis
     - Present universal initial information technology due diligence framework
     - Introduce the current situation and future plans
     - Get feedback, comments, directions, hints and new ideas for improvements and further work

  5. Agenda
     - Description of Science Area and Related Problems
     - Motivation
     - Related Work
     - Research Proposal
     - Research Approach
     - Case Studies
     - Expected Scientific Contribution
     - Conclusions
     - Questions & Answers

  6. Description of Science Area and Related Problems
     - IT due diligence
     - Objectives
     - Initial IT due diligence
     - Objectives
     - Types
     - Initial IT due diligence and IT audit comparison
     - Initial IT due diligence as IS research

  7. Motivation
     - No broadly used worldwide IT due diligence frameworks
     - Define the most appropriate concept of the framework
     - Prove it by verification in independent (financial or other) institutions / companies

  8. Related Work
     - List of several methods, models, frameworks, best practices and standards:
       - BCM (Business Continuity Management) Analysis
       - COBIT (Control Objectives for Information and Related Technology)
       - CMM (Capability Maturity Model)
       - INFAUDITOR
       - ITADD (Information Technology Assessment Due Diligence Framework)
       - IT BSC (Information Technology Balanced Score Cards)
       - ITIL (Information Technology Infrastructure Library)
       - IS Risk Assessment

  9. Related Work (Continued)
     - List of several methods, models, frameworks, best practices and standards (continued):
       - Val IT
       - NLB Method
       - Others
     - List of research papers’ authors:
       - S. Alter (several articles); M. Bajec;
       - I. Benbasat and R.W. Zmud; W.H. DeLone and E.R. McLean;
       - S. Gregor; A. Hevner, S. March, J. Park, S. Ram;
       - H.K. Klein and M.D. Myers; B. Kitchenham;
       - A.S. Lee and R.L. Baskerville; J.W. Orlikowski and S.R. Barley;
       - J.W. Orlikowski and C.S. Iacono; S.A. Sherer and S. Alter;
       - P.B. Seddon, S. Staples, R. Patnayakuni and M. Bowtell;
       - V. Vaishnavi and W. Kuechler; R.W. Zmud

  10. Related Work (Continued) – NLB Method
      - NLB method – basis for IT due diligence framework
      - Description
      - Phases
      - Tools / Questionnaires
      - Reports
      - Comparison with Work System Framework
      - Frameworks
      - IS Risk Based
      - IS Success

  11. Research Proposal
      - Most convenient basis:
        - ITADD
        - NLB Method
      - Create initial IT due diligence framework based on:
        - Experiences within NLB (Model)
        - Best practices
        - Work System Framework (Alter’s)
      - Compare it with scientific research
      - Verify it on real case studies

  12. Research Approach
      - Based on NLB method
      - Proven in many initial and general IT due diligences (see Case Studies)
      - Basis for universal IT due diligence framework
      - Prototype tools will be developed for:
        - Draft action plans
        - Draft questionnaires
        - Draft spreadsheets with macros (for questionnaires’ analysis)
        - Draft reports
      - Framework will be documented
      - Framework will be tested and proven as universal framework which could be used almost everywhere

  13. Case Studies
      - Current data base:
        - More than 15 initial IT due diligences
        - More than 10 IT due diligences
        - In finance industry (banks and other financial institutions)
        - Within 15 countries in Central and South-Eastern Europe
        - Time period (1998 – 2008)
      - Future plans:
        - Prove and verify framework in other areas (e.g.: insurance companies, pension funds companies, broker companies, stock exchanges)
        - Time period (2008 – 2009)

  14. Sample: “Treatment” of IT Strengths & Weaknesses Questionnaire
      - [Chart; scale from -10 to 10. Categories: IT Data Center (IS) Productivity; Top Management Perspective; System Development; Security, Integrity and Data Protection; Staff in the IT Department; Cooperation (IT : End Users); Quality of Existing System (Applications); Use of Advanced Technologies; Effective Use of Technology. Labels: Information Technology; End Users.]

  15. Expected Scientific Contribution
      - IT Due Diligence Framework
      - Foundation of generic framework for practical approach to IT due diligences
      - Tool for identification and potential mitigation of the IS risk through due diligence
      - Tool for identification of IS success through due diligence
      - Tool for identification of the requested resources

  16. Conclusions
      - IT Due Diligence is not a simple task
      - No frameworks in worldwide use
      - Some limited methods, tools, standards, frameworks are available
      - NLB method as basis for Universal Initial IT Due Diligence (UITDD) Framework
      - Content of UITDD Framework will be:
        - Instructions
        - Plans
        - Questionnaires
        - Spreadsheet tools
        - Reports
      - Framework should be proven outside banking industry with case studies

  17. After all … “INITIAL INFORMATION TECHNOLOGY DUE DILIGENCE, IS ONLY ONE’S DUE DILIGENCE”

  18. Questions & Answers

  19. Thanks for your attention! delak.bostjan@gmail.com / bostjan.delak@nlb.si
