IT Risk Management: developed for a tier 1 German bank

Challenge and Regulatory Context

  • Establish specific processes for the management and control of IT risks against a background of rising global concern about the threats they pose
  • Meet the most current IT risk requirements arising from the European Central Bank’s SREP guidelines and the German regulator MaRisk, including the integration of IT risk management (ITRM) into the existing OpRisk control


  • Design and implementation of a scenario-based ITRM approach, taking into account the requirements of the COBIT5 industry standard
  • Ensured method consistency between ITRM and OpRisk control
  • Design and implementation of an IT risk inventory adhering to regulatory reporting requirements


  • As a framework condition for the design of the ITRM we had to ensure consistency with the methodological requirements of OpRisk control
  • Based on the COBIT5 industry standard we derived sample scenarios for ITRM which were evaluated by the client’s individual IT units through a structure of workshops and departmental participation
  • Scenarios were recorded in the IT risk inventory and were used to derive OpRisk scenario analyses in the IT field
  • Based on the information in the IT risk inventory, a quarterly management reporting process was designed and implemented

Fintegral’s Services in IT Risk Management