Contingency plans are crucial to limit disruption
THE question is not whether the major computer failure which is causing ongoing, serious disruption for Ulster Bank customers could happen again -- but what banks are doing to ensure every effort is made to avoid a situation like this occurring again.
What happened at Ulster Bank is that the parent company -- the RBS group -- had an IT specialist at the bank attempt to apply what we call a patch, or a new piece of software, to fix a bug in the bank's 'batch processing' software.
In major banks like this 'batch processing' is done at night to ensure that all the transactions and lodgments that occurred during the day -- and all the payments that are supposed to be put into accounts the following day -- are uploaded on to the bank's computer system.
However, from time to time, bugs -- effectively software errors -- are found in the system.
So the IT department would have to apply an update to eradicate the errors.
It is likely that the IT department ran a test first but this does not always ensure a malfunction will not occur during the actual process.
Basically the new software -- or patch -- that was used to fix the bug caused a new malfunction, which resulted in a failure of the overnight lodgment of money into accounts. Even though payments had been made, this did not show up on account balances.
The failure has now created a huge backlog in updating account balances, which the bank has been trying to untangle manually for the past six days.
The banking officials and IT specialists can see the data on their screens but they have to go into each job individually and update it.
RBS group has a central computer system, so we are talking about hundreds of thousands of transactions.
What seems to be unusual here is that this patch was applied to a critical piece of software on a weekday -- usually something like this would be done over a weekend when the number of transactions would be lower.
The problem raises questions about whether Ulster Bank, and other banks, have contingency plans that can be put into operation when required.
Like many companies, it is likely in the current climate that banks are not investing as much as they would like in their IT systems. It comes down to risk management -- you weigh up whether it is worth investing in a new piece of software or sticking with the current one.
But it is not just about investing in new software, as often it may involve new computers too.
Further costs are thus incurred with contractors having to install the software and train up staff in its use.
So while the costs involved in such upgrades may appear substantial and prohibitive companies need to perform a risk assessment as to whether the benefits of upgrading to the new systems outweigh the investment required.
• Brian Honan owns and runs BH Consulting, which specialises in IT security