Page 27 - Risk Management Bulletin April -June 2021
P. 27
RMAI BULLETIN APRIL TO JUNE 2021
funds. Market participants say that this move will Internal vs. external risks
further increase liquidity in some of the categories of From an IT perspective, risks, threats and
debt schemes. vulnerabilities are initially defined as internal or
The market regulator has also asked Association of external. For example, an internal risk may be the
Mutual Funds in India (AMFI) to prescribe a suitable inability to provide IT services to maintain existing
systems and services, while external risks include
framework, in consultation with it, for liquidity risk
disruptions to utilities, critical infrastructure damage
management for open ended debt schemes (except
and destruction, and acts of God.
Overnight Fund, Gilt Fund and Gilt Fund with 10-year
constant duration) within a period of one month. The Internal threats, on the other hand, include loss of
said framework shall be adopted by all AMCs. power, equipment failure, theft of equipment and
vandalism. External threats include loss of commercial
"For asset allocation limits (applicable for Banking and
power, loss of network services and unauthorized
PSU Bond Fund, Floater Fund, Credit Risk Fund and
access to data centers.
Corporate Bond Funds scheme categories in terms of
SEBI circular on 'Categorization and Rationalization of Internal vulnerabilities include systems that are not
Mutual Fund Schemes') the base shall be considered properly patched, backup plans that are not tested and
as net assets excluding the extent of minimum inoperative security access controls. External
stipulated liquid assets i.e. 10 per cent," said the Sebi vulnerabilities include not using external security
circular. cameras or lighting, lightning arresters and emergency
backup power.
Sebi has also said that the framework specified by
The importance of risk assessments for remote
AMFI shall come into force with effect from December
1, 2021, for all the existing open ended debt schemes workers
and schemes to be launched on or thereafter. Regular risk assessments identify issues that must be
However, mutual funds may, at their discretion, choose addressed, identify opportunities to minimize the
to adopt the framework specified by AMFI before the likelihood of risks occurring and define strategies to
effective date. mitigate the severity of potential risks if one should
occur.
Mitigate threats with a remote These same assessments must be considered when it
workforce risk assessment comes to remote and hybrid workers. The issue is
compounded because employees today work in many
The importance of a risk assessment cannot be denied.
different locations, as opposed to a single office. As a
Identifying and mitigating the risks, threats and
result, risk assessments for remote and hybrid
vulnerabilities that exist within IT infrastructures in a
employees must be performed as individual activities
timely manner is crucial to lessen the impact of these
and must follow a consistent process.
hazards and prevent them from seriously disrupting
The 3 risk assessments in a remote employee
business operations.
risk assessment
Risk assessments have long been essential elements in
When adapting or creating a risk assessment for
good IT planning and management. Now, in the wake
remote workers, internal and external risks must be
of the global COVID-19 pandemic, many organizations
identified and addressed in three areas:
must perform a new type of risk assessment to keep
1. data center;
operations secure: a remote workforce risk
assessment. 2. network resources connecting remote employees;
and
Let's examine the different types of risks, threats and
vulnerabilities IT management must address to 3. remote worker's location.
minimize disruptions and maintain employee Data center assessments examine internal and external
productivity, and explore how a remote workforce risk risks, threats and vulnerabilities in the data center and
assessment fits into the process. infrastructure of a company. Assessing risks, threats
25
