TSB IT Failure 2018 NED Learnings

- Board effectiveness at scrutiny, challenge and decision making
  - Board challenge
    - Board not aware of skills gap
      - Board seeks external advice but it's incorrect/inappropriate/not good enough/insufficient
      - Missing skills/experience
      - Risk Oversight called out lack of capability, but although there was some augmentation, the Board didn't monitor/scrutinise it
    - Board placed too much reliance on what the CEO said about 2nd/3rd line without scrutiny
    - Board didn't challenge adequacy of testing (i.e. get the executive to justify/rationalise it)
    - Didn't push for metrics - took too much as read or on trust
    - Didn't seek to learn whether SABIS's support following the transition events supported a view that SABIS could support the full system
    - No real challenge/scrutiny (looking in the whites of the eyes) of attestations
  - Board not aware of status
    - Executive hides/provides incomplete/misleading information
    - Board doesn't challenge/ask the right questions
    - Board not shown all of the Risk Oversight and Internal Audit caveats
  - Board decision making
    - Didn't ask the right questions at the right time (e.g. not seeking transparency and challenging status 10 days ahead of go-live, but focusing on giving notice to LGB)
- Planning
  - Not properly risk assessed
  - Not transparently shared or scrutinised
  - Not properly planned
  - Not properly replanned
  - End-date driven, with no bottom-up/left-right planning
  - Not properly monitored (milestones/metrics, measurement against principles, metrics reviewed and challenged)
  - Resourcing issues due to parallelisation not managed: no mitigation, no replanning, no information to the Board
- Risk Management Approach
  - Risks generic (a generic checklist is a good start, but risks specific to the situation are needed)
  - Risks didn't change during the 2-3 year period
  - Risks not challenged
  - Risks not reassessed/reviewed/updated
- Governance
  - Too much responsibility in the CIO
  - Mixed responsibilities for the CIO (TSB IT receipt and SABIS IT delivery)
  - Assurance matrix completion delegated to the CIO for NFT instead of each executive attesting (which was part of the design of the control)
  - Assurance matrix reasonable at top level but missing key dimensions in detail
- IT Delivery
  - Testing approach
    - Environments (not production-like, not available)
    - No/inadequate NFT
    - Testing parallelised with no risk mitigation
    - Testing timelines compressed repeatedly due to slippage with no change in end date - and no risk assessment
    - Exit criteria changed without governance and transparency (and risk assessment) (e.g. volumes planned to test 1500 simultaneous users but changed to 1000, and the change was hidden)
    - Live proving issues
      - Single data centre tested only (because of live services), so active/active not tested
      - Only read-only transactions tested (yes, that means payments not tested - an issue; but also write access drives contention and bottlenecks, so not representative)
  - Requirements
    - Late/no sign-off of NFT requirements (2 weeks before live - what was the point!)
    - Excessive change requests - not well managed
  - Phasing
    - Excessive parallelisation
    - No real lock-down (until less than a week to live)
    - Proving events not mitigating risk (not broad/extensive enough)
  - No documentation
    - Made support complex/difficult
    - Made designing testing difficult
- Operational Readiness
  - Capability of SABIS not explored
  - Attestation from SABIS not sought
  - No SOC (ISAE 3402) report sought despite the contract providing for one
  - No proper consideration of SABIS's experience running live services after the transition events to inform the view of readiness
- Supplier Management
  - SABIS not managed as an arm's-length supplier
  - Didn't use the structure of the contracts (e.g. right to audit, requirement for attestation to be provided)
- Key Skills to Stress
  - Assurance
    - of implementation approach
    - of readiness
    - of testing approach
    - of critical processes
  - Testing Risk Management
  - Governance
  - IT Change Management (challenge of plans/approaches/monitoring delivery)
  - Risk Management
  - Operational Readiness
  - Production Change Risk (appropriate scrutiny of change management/go-live approaches/decisions)