O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.

Sondrio Bank: IT PMO and Production Complexity Risks

462 visualizações

Publicada em

IT/MIS: Measurement & Rules to Manage Risk, The Bank Popolare of Sondrio handles IT risk management by measuring complexity via a structured interdisciplinary approach where 27% of transactions contribute to 80% of the operational complexity of the system.

Publicada em: Software
  • Seja o primeiro a comentar

  • Seja a primeira pessoa a gostar disto

Sondrio Bank: IT PMO and Production Complexity Risks

  1. 1. IT: Measurement & Rules to Manage Risk 26/04/2013 By Nicoletta Boldrini Original Article from ZeoUnoweb.it http://www.zerounoweb.it/casiutente/it-misurare-e-governare-per-gestire-il-rischio.html Our Bank [Banca Popolare di Sondrio] confronts the IT risk management by the use of sound management of complexity by applying a structured interdisciplinary approach. “Implicitly complexity is constantly evolving; to govern this you must know where you are at any point in time and measure it." Began Milo Gusmeroli, Deputy General Manager and CIO Banca Popolare di Sondrio, in sharing with ZeroUno all critical issues related to complexity management confirming that it must be checked and managed. "In my opinion, complexity in IT is an 'intrinsic condition' - continues Gusmeroli - and it can open new revolutionary opportunities. Not to consider complexity would be a mistake, and when doing so, it is essential to use a structured interdisciplinary approach." In the case of Banca Popolare di Sondrio, the IT Governance base of the Banks foundation constitutes five pillars: Organization (as people and structure), Methods (services and processes), Architectures and Systems, Project Portfolio Management, Budgeting and Performance Management. "As the complexity simplification is leading to greater capacity and more effective governance, of the IT domain architecture where systems play a decisive role," said Gusmeroli. In this context, Banca Popolare di Sondrio has established an 'Architecture / Systems and Security' group in the PMO and our staff has defined a control system that takes into account not only the architectural models (SOA, for example), but also the provisioning choices. "The other important area that we consider essential is to understand the intricacies of IT (to measure and rule) and [he is] referring to the catalog of services provided (which is part of the pillar 'methodology'), which, in terms of control, allows the 'IT department to have a clear view of the relationship between banking processes, organizational units, IT services needed to support and adequate computing resources, "says Gusmeroli. "The unit dedicated to the portfolio of projects, i.e. project management office, in Banca Popolare di Sondrio for this has the responsibility for the integration of budget, projects / service catalog, reporting, measurement, reporting and repositioning [this also to connect to the Bank of Italy reporting in terms of banks prudential supervision - Ed], "adds Gusmeroli. "Finally, the scope and budget performance management has in charge obtains a balanced scorecard, however, integrating all part of project administration and catalog services for the strategic
  2. 2. management of IT must always be supported by objective measurements and related to the objectives of business. " Interpreting the phenomena how to govern IT Milo Gusmeroli, Deputy General Manager & CIO Banca Popolare di Sondrio "IT is such a complex organization and IT can be effectively governed, however IT must be measured precisely in its complexity," highlights Gusmeroli. "This measure is aimed, in our case, to understand and interpret phenomena using remote control systems." "The interpretation of the [complexity] phenomena and the use of the information IT generates using control systems, although we aim to achieve the highest level of predictability of IT systems behavior (and therefore the minimum risk), have a direct impact on the business, "explains the CIO of the bank.”This is why we are introducing a stability indicator that allows us to have a view on the level of complexity and potential consequences so that this level can determine the profile of the business." A similar view is being created in Banca Popolare di Sondrio through the platform OntoSpace, (risk management solution built by Ontonix that incorporates principles and algorithms for measuring the complexity of systems or processes) this necessarily involves the integration of data and parameters both technical and others of different nature. "Within the system of control we have collected many data as well as technical performance indicators from the architecture which is derived from an analysis of operational risks - says Gusmeroli -. These are then
  3. 3. integrated with data coming from other systems, such as the balanced scorecard, to determine the risk and to assess their impact on the business. " Referring to case studies developed and looking for example the analysis of a bank's server through technology Ontonix, the Bank was able to verify that the performance of the robustness of the system shows an initial intense activity (both batch and user side) which progressively decreases. The system, after a first period of tension, reaches an equilibrium situation and normal operating conditions. Continuing the analysis, it was also found that the most critical variables appear to be related to the management of the hard disk storage, element, however, we managed to resize. The system during periods of high operational demand is more exposed to unpredictable reactions, requiring greater management attention. "The instrument used for measuring the complexity has also been applied to measure the response time of the transactions and then test the behavior of applications," said the CIO. "The analysis on the response times of applications showed that the element to be monitored with greater attention are the 'moments of discontinuity', i.e. the transition between activities (e.g. from batch to online)." Symptomatic and almost 'surprising' the result of this analysis proved that: 27% of transactions contribute to 80% of the operational complexity of the system. "Now we have more information to determine which applications and transactions are 'key-centric' [critical pivots] and why, in order to govern the IT systems and processes better, thereby reducing the risk leading to a higher index of stability." The analysis at Banca Popolare di Sondrio underway is intended to add other features on the 'potential' and 'residual' complexity and robustness of IT systems: in the vicinity of the critical level of complexity (to be placed on dashboards with intuitive graphic elements ), when the behaviors of a system becomes unpredictable thus putting stability at high risk. Based on this awareness, the Bank has initiated plans aimed at monitoring and measuring the potential risk (represented by the critical level of complexity) and residual risk (which comes from the distance between the actual measured complexity and the level of complexity identified as 'critical'). The residual risk, in fact, measures the amount of indeterminacy [in concurrent computation] the system is able to withstand before starting to lose functionality and become unreliable, while the current risk measure the robustness topological and quantifies the ability of the system to preserve its functionality. "It goes without saying that in order to maintain an index of stability, of the system IT must keep a safe distance from the critical level of complexity," says Gusmeroli.