Software development risk should be a tech priority for COOs. As a term, it comprises all internal and external risks that can negatively impact the success and development of any software project. These can include ownership of IP, regulatory-required change management processes, key man risk, coding or testing issues, data risk, appropriate controls and audit trails, and increasing security risks. Such risks can appear at any stage of developing software, and the longer a project goes on and the more the organisation relies on the resulting software, the greater the risk becomes.
Synetec understands the importance of managing risk in software development. We do it for ourselves and help many of our clients to carry out a risk analysis of their software projects ahead of time, in order to avert potential disasters before they strike at the worst possible moment.
For financial services firms, a particular part of software development risk includes ensuring that your firm is adhering to strict FCA code governance requirements. ‘Code governance’ simply means how you are managing, recording and storing your code as it is being written by your developers. According to the regulatory handbook, a fundamental requirement of financial services firms is to establish and maintain appropriate systems and controls for managing operational risks that can arise from inadequacies or failures within your business’ processes and systems. This is inclusive of your software development. Alongside this, firms should also keep in mind the FCA’s rules on code governance, where during a review, officers would expect to see the following across the entire business:
• Documented change management policy and procedures
• Development tracking
• Audit trail of changes
• Management level reporting
Most firms Synetec speaks to would not claim to be 100% compliant in their software development and code governance controls. FCA regulations aside, many of these controls are echoed in investors’ DDQs, which are becoming increasingly tech-focused. Whilst FCA regulations and investor DDQs overlap, they skirt around the practical headline risk: who actually owns all of the IP that you are building? Is it all accessible regardless of key individuals, or is it out in the public domain?
The first step to managing these risks is to work with a team who can support your firm in carrying out a gap analysis of both existing and missing controls. Working with an outside independent expert in the field makes sense here, as internal teams often carry assumed knowledge that can affect how clearly they are able to identify control objectives and the supporting control activities within your system.
As this shows, ensuring code governance aligns with these guidelines can be a complex task for firms. Such expectations are continually being refined and, as always, firms are expected to keep up with regulatory requirements, which is why we designed our Software Development Risk Review. This review deep-dives into your firm’s software development and code governance; we assess the ownership and currency of all licences within the business, identifying any potential gaps and risks. Through our review, we can unveil any utilisation of end-of-support software, empowering you to proactively address vulnerabilities and maintain a secure and compliant software environment. Don’t wait until your risk becomes a problem; take the opportunity to mitigate one less risk in your business universe.
Speak to our specialists today to find out more or explore our Software Development Risk Review service.
If you would like to discuss a bespoke software development project, challenge or goal, please book a 30-minute Clarity Call with us and we'll point you in the right direction (even if you choose not to work with us).