Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »
Webcast: In the Google Apps Cloud: How to Achieve Your Business Objectives
Dec 3rd, '09, 1 - 2 pm US/Eastern (GMT-5)
Join Council member Brent Hoag, Director, Global IT, at JohnsonDiversey, as he discusses the adoption of Google Apps which has helped meet four corporate goals; sustainability, simplification, increased employee productivity and global collaboration.
Webcast: Collaboration Initiatives: Benchmarks & Best Practices
Dec 15th, '09, 4 - 5 pm US/Eastern (GMT-5)
Join Council members Ruth Thorpe, VP & CIO at the U.S. Pharmaceutical Operations of Sanofi-Aventis, and Gary Kuyper, CIO at Bethany Christian Services, as they speak about their collaboration initiatives and experiences in how and why they chose the social networking and collaboration tools they are using and their business goals for collaboration, and facing culture change challenges.
Data Overview: Collaboration Initiatives Field Guide: Benchmarks & Best Practices
This appendix to the Council Field Guide provides an analysis which discusses benchmarks for collaboration IT implementation costs, adoption rates and payoffs. The overview identifies top IT and business goals and satisfaction rates for collaboration initiatives as well as best practices and lessons learned for implementing collaboration IT.
Learn more about the CIO Executive Council »
Lessons from Societe Generale's Financial Fiasco
CIOs and business managers should use the French bank's experience, where it failed to stop a rogue trader from losing billions, to beef up their risk management and IT controls.
February 26, 2008 — CIO —
This story was updated in the May 1, 2008 issue of CIO magazine to include new reporting. Read the latest version of this story here.
It's a lethal combination of process oversights and system failures that is the stuff of CIO nightmares: An investigation into rogue trader Jerome Kerviel's fraudulent actions at Societe Generale bank uncovered an apparent break down in financial and internal IT controls subverted by an employee with IT know-how and authorized systems access.
The well-known tale of Kerviel's exploits, which led to more than $7 billion in losses for the bank, is serving as a wake-up call to businesses everywhere. "It's started the conversation around these issues," says Scott Crawford, a security expert and research director at Enterprise Management Associates. (EMA) And executives, he says, are now asking themselves, What can we do to ensure that the risk exposure of the business itself is managed effectively, in addition to what role IT should play?
Answering that question, however, isn't so easy. First, many executives don't have a good enough understanding of where their risks actually are, Crawford says, and therefore don't know where they need more robust controls.
This is compounded by that fact that some executives might not want to be made aware of their company's risks. "Once you know what your exposure is, you are no longer ignorant," Crawford says. "And if you choose not to mitigate a known risk or at least not address it, then the issue potentially becomes one of negligence." (Which is precisely why regulations like Sarbanes-Oxley require top execs to put their names on their company's financial documents.)
As a previous CIO article on the Societe Generale scandal notes, several former risk-control executives quoted in a Wall Street Journal article said that financial institutions of all types are notorious for weakening risk-management procedures when times are good and profits are flowing fast. The Journal article cites the "months of misery" endured at top U.S. banks and securities firms, which are being clobbered by the mortgage crisis, as evidence of such lax risk controls come to fruition.
In addition, even if executives are made aware of the risks, they have a tough time balancing the potential gains from a risky endeavor versus the potential losses, Crawford says. "There's always this delicate balancing act between taking advantage of opportunities and doing an effective job of IT risk management," he notes. "This notion of business risk exposure in IT still is a challenge particularly for the CIO but for the business as a whole."
Project Management Office Best Practices
Automate and Accelerate with Project Management
Managing Project and Portfolio Risk
Connecting Capital Planning, Construction, and Everything in Between
Mapping Out a Successful IT Consolidation Plan
Boiling the Ocean to Catch a Few Fish
Extending Client Refresh - 11 Steps to Maximize Savings
CIOs Weigh In On Virtualization
Jim Malone, Editorial Director of CXO Media's C...
Beyond Installing ITPM Software: How a global company reduced risk and successfully implemented ITPM
IT Consolidation Made Easy
Taking a Seat at the Executive Table: The Reality of Virtualization
Who Are the Data Center Leaders?
Resource Alerts
Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.
European Parliament Adopts Telecom Laws After Bitter Debate
BlackBerry Media Sync 3.0 Brings Photo-Sync Features to PC; Mac Users Get Cold Shoulder
Facebook Worm Spreads with a Lurid Lure
Cisco Pedigree Wins Over VCs
Hacks of Chinese Temple Were Online Kung Fu, Abbot Says
10 Free Downloads for Your Laptop
Jolicloud Aims to Steal Chrome OS's Netbook Thunder
Jolicloud Aims to Steal Chrome OS's Netbook Thunder
Check Point Tackles Web 2.0 Apps and Social-Site Widget Control
Is Federal Stimulus Money Being Used for IT Hardware, Not Hiring?
