Crisis Management
IT Governance Summit 2015
Golden Tulip-Kumasi 08-09 October 2015
Daniel Gyampo (EMBA, CRISC, CISA, CGEIT pass)
Group Manager, Information Systems Audit, Ecobank
Contents
Disaster / Crisis / Shell-shock situation
The Challenge: Scenarios of emergencies
Building a risk register
Discussion: Risk Identification
International, National and Internal Challenges
Principles of Catastrophic Risk Management
Crisis Scenarios
Disaster
Crisis
Ministry of Justice and Attorney General website hacked by
@Hpa_Argentina Nov 27, 2012
This is a warning. If you refuse to release our Libertad Frigate in
three days, we will unleash hell on you. We will attack all your
government websites, all your banks, your stock exchange, all your
gold and oil companies, your energy and water companies, we will
publish on internet all your personal banking records, the ones in your
country and the ones abroad, and more!
Shell-shock situation
$45 Million ATM Heist
According to the U.S. Attorney's office, the
actual ATM heists took place on Dec. 22,
2012 and on Feb. 19-20 of this year.
In December, using accounts stolen from
Rakbank, the scammers made 4,500 ATM
transactions in 20 countries, stealing $5
million. In New York alone, they made 750
fraudulent transactions and stole
$400,000 from 140 ATMs in just under
three hours.
The February heist was the big one,
though. Using card data from the Bank of
Muscat, cells in 24 countries made 36,000
transactions over 10 hours, stealing $40
million. In New York, they got $2.4 million
from 3,000 ATMs in the city.
The Challenge
Scenarios of Government and Company Emergencies
Can auditors add value to government and corporate responses?
Have risk registers been documented?
Have supply chains been audited and stress tested?
Have institutions built upon existing strengths in governance and
resilience?
Are governments and companies prepared for media releases?
Discussion Risks Identification
Climate change
Economic Instability
Terrorism and Instability
Cyber Crime and Terror
Reputation Risk Management and Governance
Building a Risk Register
5 top risks for a government/nation in 2015
5 top risks for companies in 2015
Do governments and companies have the same risks?
International, National and Internal
Challenges
Has the company or government identified and protected critical
functions in their business?
What data is used to track and predict risks?
Can the government or company respond in near real-time to make
decisions?
How does government or company quantify catastrophic risks and
prioritize resilience?
Quantification of residual risk outcomes despite good resilience?
Principles for Catastrophic Risk
Management
Allocation of responsibility for internal risk management and
identification of external and uncontrollable risks
Can this be done in a scenario exercise?
When does a Government share risk with the private sector?
How can internal and external stakeholders work to limit
international financial consequences?
Can internal and external stakeholders work on reports covering
risks with uncertain outcomes?
Principles for Catastrophic Risk
Management
Resilience planning by assessing early warning data,
identifying who is skilled in the workforce for resilience
work and assessing documentation for resilience
achievements?
Can a stress test exercise by the auditors identify all
stakeholders to be included in resilience planning and
the residual risks from top threats?
Crisis Scenarios
Cocoa Crisis: A new disease affecting cocoa trees
wipes out 40% of the trees in 2 months, raising concerns
about the government's inability to generate expected
revenue, and increased prices on the world commodity
markets
Electronic Banking Services: The Banks respond to a
sudden coordinated cyber attack on mobile phone
banking and ATM systems stealing passwords,
blocking call access to call centers, and taking down
bank websites
Crisis Scenarios
Electricity Supply Shortage: A 60% loss of rainfall in May-July
2015 results in a sudden and rapid fall in the level of
water behind the Akosombo dam, to levels that require a
total shutdown of all turbines in the next 7 days.
Defacing of Government Websites: The e-Governance
web interfaces and Government websites are defaced or
brought down on Sunday night. The full extent of
damage is only realized on Monday morning.
Teams Report on 4 Challenge
Questions
Each team provides a volunteer to report the crisis to
the media for 2 minutes
Q1: Explain how the company/government has prepared
for and manages the crisis
Q2: Identify how governance and reputation have been
protected by your crisis response
Q3: Discuss how your auditing process has prepared
you for the crisis
Thank You
Questions