To June 2012 for the Royal Bank of

To emphasize the importance of IT risk management,
we would like to cite an example of the losses that were incurred due to poor
IT risk management. Numerous incidents have occurred since IT came to be
used as a value-adding asset to an organization. One such example is
the IT outage in June 2012 at the Royal Bank of Scotland (RBS). The incident
occurred when a simple upgrade of software (that processed the updates to
customer accounts) was not implemented as planned. The IT team rolled back
the activity and uninstalled the software.


As a result, millions of customers at RBS and its
subsidiaries could not access their accounts using online banking facilities or
ATMs. This caused major inconvenience to the customers around the world. The
bank was unable to process the credit and debit interest to the customer
accounts. It took several weeks for RBS to completely fix the problem and
meanwhile the bank was forced to update account balances manually.



The bank was forced
to pay a sum of £56 million as a fine to the UK’s Financial Conduct Authority (FCA)
and Prudential Regulatory Authority (PRA). It was identified that RBS
failed to have adequate systems and controls to prevent the occurrence of a serious
IT incident. The testing procedures performed were inadequate, and the
risk analysis and assessment for updates of the software was not thorough enough. The
IT risk appetite was limited and not designed to minimize the impact of
disruptive incidents.


RBS took full responsibility for the incident, and in
2013 it announced an increased investment of £750m over a three-year period,
over and above its annual IT spend, to enhance the security and resilience of
its IT systems.


There are many such examples where incidents caused by
overlooking risks related to IT systems have led to serious losses for the
companies involved. When such incidents occur, profitability is reduced and
companies have to pay heavily. The company’s reputation suffers and
stakeholders’ confidence in the enterprise is damaged. Hence there is a strong
need to identify the controls required for effective usage of IT systems. It is
impossible to eliminate all risks; however, it is important to take the
necessary steps to minimize the risk and reduce the impact if incidents occur.


Thus, it is important for an enterprise to practise
effective risk management to achieve its mission, add value and be more
reliable and dependable. As most businesses today become increasingly dependent
on information technology (IT) services for continuous operations, IS availability
is becoming more important for most industries. However, the banking sector has
particular sector-specific concerns that go beyond
the direct and indirect losses resulting from
unavailability. According to the first pillar of the Basel II accord, IT outages
in the banking sector lead to increased capital requirements and thus create an
additional regulatory cost, over and above the direct and indirect costs of an
outage (Ibrahimovic, Franke, 2017).

