Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »
Public Teleconferences
Join CIO Executive Council members and participate in the following live teleconferences:
* Planning for Succession:
Models for IT Leadership Development, June 23
* Change Leadership at General Growth Properties: A
Pathways Leadership Development Seminar, June 25
* Managing Change: Centralizing Your IT Organization
July 29
Apply today for a FREE subscription to CIO Magazine!
Feature
Lessons from Societe Generale's Financial Fiasco
CIOs and business managers should use the French bank's experience, where it failed to stop a rogue trader from losing billions, to beef up their risk management and IT controls.February 26, 2008 — CIO — This story was updated in the May 1, 2008 issue of CIO magazine to include new reporting. Read the latest version of this story here.
It's a lethal combination of process oversights and system failures that is the stuff of CIO nightmares: An investigation into rogue trader Jerome Kerviel's fraudulent actions at Societe Generale bank uncovered an apparent break down in financial and internal IT controls subverted by an employee with IT know-how and authorized systems access.
The well-known tale of Kerviel's exploits, which led to more than $7 billion in losses for the bank, is serving as a wake-up call to businesses everywhere. "It's started the conversation around these issues," says Scott Crawford, a security expert and research director at Enterprise Management Associates. (EMA) And executives, he says, are now asking themselves, What can we do to ensure that the risk exposure of the business itself is managed effectively, in addition to what role IT should play?
Answering that question, however, isn't so easy. First, many executives don't have a good enough understanding of where their risks actually are, Crawford says, and therefore don't know where they need more robust controls.
This is compounded by that fact that some executives might not want to be made aware of their company's risks. "Once you know what your exposure is, you are no longer ignorant," Crawford says. "And if you choose not to mitigate a known risk or at least not address it, then the issue potentially becomes one of negligence." (Which is precisely why regulations like Sarbanes-Oxley require top execs to put their names on their company's financial documents.)
As a previous CIO article on the Societe Generale scandal notes, several former risk-control executives quoted in a Wall Street Journal article said that financial institutions of all types are notorious for weakening risk-management procedures when times are good and profits are flowing fast. The Journal article cites the "months of misery" endured at top U.S. banks and securities firms, which are being clobbered by the mortgage crisis, as evidence of such lax risk controls come to fruition.
In addition, even if executives are made aware of the risks, they have a tough time balancing the potential gains from a risky endeavor versus the potential losses, Crawford says. "There's always this delicate balancing act between taking advantage of opportunities and doing an effective job of IT risk management," he notes. "This notion of business risk exposure in IT still is a challenge particularly for the CIO but for the business as a whole."
Governance, Risk, and Compliance Management: Realizing the Value of Cross-Enterprise Solutions
Encryption Made Easy: The Advantages of Identity Based Encryption
New 2008 Report: Outbound Email and Data Loss Prevention in Today"s Enterprise
Strategies for centralizing data backup
5 Steps to Successful IT Consolidation
Business Value of Performance IDC Whitepaper
The Great Email Security Debate: Appliances, SaaS, or Virtual?
Enabling the Global Enterprise
Get a grip on your mobile workforce Webcast
Business Networks are Evolving today Webcast
Integration as a Service: Are you connected?
Zen Master Series - The Transformation of Application Development with Ascendant Technology
Resource Alerts
Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.
Samsung Puts 128G-Byte SSDs Into Mass Production
Symantec Warns of New Word Attack
VMware Replaces CEO, Shares Plummet
The Internet Gets a Patch, As DNS Bug is Fixed
Groups: Targeted Ad Program May Be Illegal
US Senate Resumes Debate on Surveillance Bill
Google Launches Blog for Sub-Sahara Africa
Adobe Readying New Mashup Tool for Business Users
Celtel Begins Financial Compensation Program
Microsoft Patches Security Bugs in Products
How To Do Nearly Anything
Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.
Over 25 tutorials on everything from business intelligence to virtualization.
