Monday, February 4, 2008

Effective Risk Management via Business Policies

Written by: Ilan Sharoni/Eurekify

Following the latest financial crisis at Societe Generale, Mr. Lagarde, the French Finance Minister, encouraged banks to monitor and manage risks effectively.
Today, risk management is addressed in two ways:
1. Monitor actual transactions as they occur.
2. Preventive measures via business policies.

Businesses, especially in the financial sector, are adopting solutions that let them electronically and automatically trace potential violations or risks, so that these can be prevented before the situation escalates into a global crisis that can jeopardize the stability and the existence of the company.

Societe Generale did not deploy effective internal mechanisms to prevent, or take preventive action against, the coming disaster.

What could have been done? The answer is “a lot”, especially if the bank had been using a risk management solution and/or business compliance rules monitoring.

The Eurekify solution, which is SOX oriented, enables the security auditor to:
1. Request attestation of access rights and privileges by privileged employees and their managers.
2. Periodically and automatically monitor the business compliance rules database (“real time”).

Business Policies (SoD - Segregation of Duty rules) can be defined on any business object, such as transactions, access rights, ad hoc permissions and more.
Every rule should be associated with a “risk level”, which represents:
1. The risk of that rule to the business.
2. The actions that need to be taken (reporting flow) if this Business Policy is violated.
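
An added example, not Eurekify's code or part of the original post: a minimal SoD check in which each rule carries a risk level that selects the reporting action, and ad hoc permissions are folded into each user's effective rights. All rule names, rights, users and reporting actions are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SodRule:
    name: str
    conflicting: frozenset  # rights one person must not hold together
    risk: str               # "low", "medium" or "high"

# All names and values below are constructed for illustration.
REPORTING_FLOW = {  # risk level -> action taken on violation
    "low": "list in the periodic attestation report",
    "medium": "notify the user's manager",
    "high": "alert the security auditor",
}
RISK_ORDER = {"high": 0, "medium": 1, "low": 2}

RULES = [
    SodRule("execute-vs-settle", frozenset({"trade.execute", "trade.settle"}), "high"),
    SodRule("vendor-vs-payment", frozenset({"vendor.create", "payment.approve"}), "medium"),
]
ROLE_RIGHTS = {
    "trader": {"trade.execute"},
    "back_office": {"trade.settle"},
    "procurement": {"vendor.create"},
}
USER_ROLES = {"alice": ["trader"], "bob": ["trader"], "carol": ["procurement"]}
AD_HOC = {"bob": {"trade.settle"}, "carol": {"payment.approve"}}  # direct grants

def effective_rights(user):
    """Union of rights from the user's roles and any ad hoc permissions."""
    rights = set(AD_HOC.get(user, ()))
    for role in USER_ROLES.get(user, ()):
        rights |= ROLE_RIGHTS.get(role, set())
    return rights

def find_violations(users, rules):
    """Return (user, rule, risk, action) tuples, highest risk first."""
    hits = []
    for user in users:
        rights = effective_rights(user)
        for rule in rules:
            if rule.conflicting <= rights:  # user holds every conflicting right
                hits.append((user, rule.name, rule.risk, REPORTING_FLOW[rule.risk]))
    return sorted(hits, key=lambda h: (RISK_ORDER[h[2]], h[0]))

if __name__ == "__main__":
    for user, rule, risk, action in find_violations(USER_ROLES, RULES):
        print(f"{user}: {rule} [{risk}] -> {action}")
```

In this constructed data neither violation is visible from role assignments alone; both appear only once the ad hoc grants are included.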

Trusting people to perform this task manually or semi-manually is prone to human error or to security breaches that the auditor may not be aware of.
Therefore, an automatic risk management and Business Policies management solution must be deployed in every business.

An additional, very important benefit of these systems (such as Eurekify Business Compliance Manager) is the ability to easily manage and maintain all the business rules and to transfer knowledge of them.
Automating this process would enable the customer to easily track violations and add many new rules.

Best Regards
Ilan Sharoni
http://www.eurekify.com/