Use Case for Assessing Risk on Outsourced Core Processing
Why assess the risk? Outsourced IT services can contribute to operational risks (also referred to as transaction risks). Operational risk may arise from fraud, error or the inability to deliver products or services, maintain a competitive position or manage information. It exists in each process involved in the delivery of the bank’s products or services. Operational risk not only includes operations and transaction processing, but also areas such as customer service, systems development and support, internal control processes and capacity and contingency planning. Operational risk also may affect other risks such as interest rate, compliance, liquidity, price, strategic or reputation risk.
Who should assess the risks? Information Technology Officer, Data Security Officer, Chief Operating Officer
How to assess the risk: Rate the KRIs to determine if a threat would successfully exploit a vulnerability and to justify expenditures to implement countermeasures to protect the bank’s assets or reputation. Use the “Focus Risk Assessment” tool for in-depth analysis of risks and mitigation techniques.