About Us News Investors Careers Corporate Responsibility

Home > Case Studies > Security > Management of operational risk in a banking environment

In this section
		Security
		A Full Stop with X-Net
		Computer Forensics
		Developing a Security Architecture
		Digital Video Enhancement
		Forensic Investigation for a Local Authority
		Fraud Investigation for a Large Financial Organisation
		IT Security Health Check
		Knowledge transfer through collaboration
		Management of operational risk in a banking environment
		Protecting Online Credit Card use
		Quality Assurance of the E-Voting Pilots for the ODPM
		Response to a Hacking Attack
		Safe transactions
		Securing our Borders
		Travelling in Safety
		US Army deploys QinetiQ vehicle arrest system in Iraq and Afghanistan

Our Business
		Defence
		Security
		Energy & Environment
		Our Capabilities
		Our Products

Case Studies - Security

Management of operational risk in a banking environment

Issues
QinetiQ was approached by a leading provider of financing services, primarily dealing in insurance for commercial and retail clients. This company conducts the majority of its business across the Internet using a network of brokers. Its Internetfacing e-commerce systems deliver almost 80% of its business.

The company wanted to gain assurance that its e-commerce operation would be able to scale up to support the aggressive business growth demanded by the company's future business plans. To this end, the company selected QinetiQ to conduct a broad spectrum review of its IT operations and systems, examining not only the organisational and process foundations for IT development, maintenance and operation but also the IT systems design and the growth strategy for these systems.

Approach
QinetiQ recognised that tackling the ecommerce assurance needs of the client required a multi-disciplinary approach. It fielded a team of consultants who examined:

the organisation, people and processes underpinning the IT operation within the company (with regards to day-today use, maintenance and development) and current outsourcing
arrangements;
the systems and network architecture underpinning the operation and growth of the e-commerce business;
the security policies and business continuity plans governing the use, operation and development of IT facilities;
the effectiveness of its security defences against unauthorised access and attack from sources on the Internet.

QinetiQ's team consisted of experienced consultants who brought a range of skills to bear on the assignment in the areas of process analysis, systems engineering and design, systems development and management processes, operational risk management, information security management and security penetration testing. They worked closely with client staff in analysing issues and developing recommendations for more effective IT governance and information security management.

Benefits
The actions of the QinetiQ team delivered a range of benefits to the client. On the one hand, the project became a focus within the company for a broad examination of IT operations and their alignment with business needs. On the other hand, it identified a range of actions that needed to be taken to strengthen the e-commerce operation and thus position the company for future growth. In addition, the project provided an independent and impartial assessment of the system's architecture and security arrangements, which resulted in a number of improvements being identified.

As a result of this assignment the client organisation has been able to better understand and manage those operational risks flowing from its use of information technology for both its current and future business.

Related sections

> Information Security

QinetiQ Ltd 2008

QinetiQ Group PLC, Company Registration No 4586941, Registered Office 85 Buckingham Gate, London SW1E 6PD