Banking Risk Management 4.0 Final
4/15/2021
“Learn from the experience of others; the risk is far lower than from your own experience” #empro
Strategic Risks
Definition: Risks that are taken for a strategic return (profit, market share, etc.) or which may significantly affect the achievement of an organisation’s strategic objectives.
Examples: Hardware and software systems development (e.g. the failed implementation of a new system); regulatory breaches (e.g. data protection); reputation risks (e.g. stemming from loss of data).

External Risks
Definition: Risks from the external environment (political, economic, social, etc.).
Examples: External hacking and denial of service attacks; theft of data.
Risk IT efficiency
Revenue increase
a. confidentiality;
b. integrity;
c. availability;
d. authentication;
e. non-repudiation;
f. authorization control in systems, databases, and applications;
g. segregation of duties;
h. maintenance of audit trails.
Defining a vision for digital risk
• A view on the key activities risk will perform in the future, and in what way;
• The corresponding mandate and role of risk; and the metrics that will be used to determine success

Determining the opportunities for digitization
• Through a bottom-up assessment of risk processes, a plan for applying digital tools to the most promising activities, and a business case that estimates the total impact

Running a swarm of initiatives
• Meets the strategic goals and captures the defined opportunities, through a considered approach to governance and the operating model and new techniques such as the agile sprints
INTEGRATED GRC
GRC MAP
Process Optimization
Improved Effectiveness
Protected Reputation
Reduced Costs
Who is Involved?
◇ The Role of the Governing Authority
◇ The Role of the Chief Financial Officer and Managers
◇ The Role of the Risk Executive and Managers
◇ The Role of the Compliance and Ethics Executive and Managers
◇ The Role of the Chief Information Executive and Managers
◇ The Role of the Human Resources Executive and Managers
◇ The Role of the Internal Audit Executive and Managers
◇ The Role of the Business Unit Operator and Managers
Benefits:
• Make more strategic decisions
• Boost profits
• Gain a competitive advantage
• Provide insights to the board of directors
• Reduce business liability
• Meet compliance standards
• Protect your brand
An effective cyber security risk assessment evaluates risks based on the probability that they will occur and outlines the impact they could have on your business. Only by understanding prioritized risks can you develop cost-effective ways to manage them and improve your cyber security controls and culture.
Internal Threat
Internal employees potentially have access to the full range of corporate information. A disgruntled or blackmailed employee may decide to reveal or sell information to third parties.
Third-Party Risk
Cloud-Related Risks
Compliance Risks
The Bank prioritized protecting critical operations and assets
Description: … client personal information, leading to both business risk and security risk.
Mitigation: … safeguarding access to private information.

Risk: Inadequate security oversight by management.
Description: A lack of clear senior management ownership of a security program makes it almost impossible to enforce the provisions of the program in the event of a policy being compromised or abused.
Mitigation: Ensure that a senior manager is assigned responsibility for the overall security program at your organization. Empower this individual to make decisions to refine and enforce the security policies.

Risk: Improper revocation of access.
Description: Failure to ensure that employee access is revoked when no longer needed may result in unauthorized access.
Mitigation: Ensure that employees have access to resources and systems only as needed to perform their job function and only for the duration that this need exists. Revoke all access for terminated employees before notifying them of termination.
IDENTIFY & MANAGE
• Governance and risk management processes enable effective management.

PROTECT
• Access to assets and systems is effectively managed and limited to authorized users and usage

DETECT
• Security configurations are consistently applied and monitored 24 x 7 and automated when appropriate

RESPOND
• Incident response actions are consistently handled

RECOVER
• Recovery from a cyber attack is exercised regularly and plans are continuously improved
STRENGTHEN FINANCIAL SYSTEM RESILIENCE
MATURE CYBER SECURITY PRACTICES
ENHANCE CYBER SECURITY OVERSIGHT
EVOLVE COLLABORATION & PARTNERSHIPS