1 / 20

USER COMPUTING IN FINANCIAL REGULATION

USER COMPUTING IN FINANCIAL REGULATION. Dean Buckner Financial Services Authority July 2003. What I do. One of small group of internal specialists (“Risk Review Department”) Specialist in IT supervision Originally “large groups” in investment banking, now all firms.

gaenor
Télécharger la présentation

USER COMPUTING IN FINANCIAL REGULATION

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. USER COMPUTING IN FINANCIAL REGULATION Dean Buckner Financial Services Authority July 2003

  2. What I do • One of small group of internal specialists (“Risk Review Department”) • Specialist in IT supervision • Originally “large groups” in investment banking, now all firms

  3. End user computing (EUC) • Definition • Development of reasonably complex, business critical applications • Rapid growth • Spreadsheets • Databases (ACCESS, SQL)

  4. Where found • Everywhere • Front Office: pricing and valuation • Middle office - accounting databases, queries, risk management • Back office - confirmations, settlement • Wholesale, retail, insurance, branch banking, all over the place

  5. The problem of EUC • Operational error • hedging • valuation • calculation of risk • Financial crime • AllFirst • other incidents not made public

  6. Token war story • "the ACCESS database used by capital markets for confirmations had a fault in its original design. The original table of counterparties had never been updated” • (From a visit last week)

  7. So is EUC a bad thing? • Definitely not! • FSA is not, and never has been opposed to the use of spreadsheet and other user-developed applications for business critical purposes • Essential to business efficiency • But need “appropriate controls”

  8. The Real Problem • Poorly managed solutions • Failure of senior management to understand user developed systems • perception that user computing is “bad” • belief in “strategic solution” • users do it anyway • the budget paradox

  9. The Budget Paradox • It is impossible to find a budget for any form of IT development required by the business • this implies the firm cannot afford it • Always, some salaried employee of the firm finds the time, and non-IT budget to develop solution • this implies the firm can afford it!

  10. Why user computing is better • Cheap to develop (but disasters are not cheap) • Uses detailed knowledge of business • Can be part of overall strategy • Centralised databases are inflexible • and perform badly

  11. Driving licence analogy • 1920’s - private transport for v. rich • 1930’s - huge growth in personal transport • 1m vehicles ... • ... and huge accident rate! • Now 20m vehicles - but lower absolute rate • give people responsibility • manage accordingly • and more driving instructors!

  12. Ideas • Appropriate framework for user computing • change of mindset (senior mgt, IT) • user training (of the right sort) • Highway code? • Licence and accreditation? • Audit standards • Data standards • The “M” problem

  13. Change of mindset • Senior management should have appropriate strategy for • “legacy” sysstem (separate subject) • package implementation (separate subject) • user computing (ACCEPTANCE THAT IT EXISTS!) • Regulators can have influence

  14. User Training • Books about spreadsheets focus on minutiae and technicalities • “Wizard” problem • No focus on “ility” • testability • maintainabilty • auditability

  15. Highway Code • Most problems I see are similar • Use of “literals” • code fragmentation • user maintainability • access control, segregation &c • Most have a trivial solution • Elementary training could eliminate 90% of errors?

  16. Accreditation • One of our firms already links business’s capital charge to accreditation in EUC • Incentive for business to train, apply controls, document &c • Overcomes “budget paradox” • budget to regulatory capital work

  17. Audit • IT auditors focus on large information systems • Tend to regard spreadsheets as user problems, not their concern • Internal auditors review generic process - but not tools that support decision making in process.

  18. Data standards • In the old days • systems were “closed” • input/output tightly formatted • IT effectively “owned” data • Then they invented • downloads, SQL queries, email attachments • No concept of “data citizenship”

  19. The “M” problem • ACCESS is designed to produce fragmented code: • Queries are software • Macros are software • Code modules are software • “Forms” are software • “Formula builders” are software • After spreadsheets, probably the most common user-developed platform!

  20. Questions & Comments

More Related