Quality in the Digital Age - The Role of the SI in the Software Supply Chain

Don't Let 2020 be the Year of Hindsight. Act Now to Manage Your IT Risk.

The financial services industry is built on a robust IT infrastructure that is decades old. This sector is also an early adopter of digital transformation initiatives, and the technology built upon this infrastructure is increasingly complex. We have seen IT outages and glitches costing millions of dollars, and cyber attacks becoming more frequent and more sophisticated in the disruption they cause. As a result, regulators are under increasing pressure to act as it becomes clear that organizations cannot self-govern their IT risk.

At the Cyber Resilience Summit: Managing IT Risk in Financial Services, CISQ will frame these issues and provide guidance on how to make systems rock-solid and resilient. Speakers will discuss how the financial sector, regulators, and national governments are working together to improve resiliency and stability.

Thank you to speakers and to everyone attending the event! Presentations are shared below.




Kevin Fedigan is a senior technology leader with deep expertise in building resilient products and systems. He has held senior technology roles at DLJdirect, a fintech of its time; Pershing, a global financial solutions provider; and BNY Mellon, one of 30 Global Systemically Important Banks (G-SIBs). Within BNY Mellon, Kevin became the Divisional CIO of their Broker Dealer Services Division, where he oversaw the modernization of its US Government Clearance platform, which increased the resiliency and future-proofing of a platform that supports upwards of $10T in US Treasuries clearance on a given day. He then became the CIO of BNY’s Asset Servicing Division, where he was responsible for the end-to-end technology deliverables for the largest line of business within the bank. Kevin has won a number of industry and company awards, including being named in Computerworld’s 2014 Premier 100 IT Leaders, as well as in CIO.com’s 2016 Analytics 50 Honorees, and has spoken at industry conferences around the globe.

Some of the key themes Kevin will be sharing with us are how he fostered a measure-first culture, the importance of developing a robust risk management cycle, how he managed the collaboration between product, operations and development teams, and the roles of suppliers and third parties in reducing IT risk.

Download presentation

Theis Eichel, Partner, PricewaterhouseCoopers
Markus Friede Hens, Senior Manager, PricewaterhouseCoopers

Theis Eichel works with enterprise organizations to audit IT systems, systems development, and software outsourcing. He runs a Center of Excellence (CoE) at PwC to measure software quality and resilience to industry standards and advises executives on how to take a standards-based approach to IT and business risk. He will discuss how standards can be used to improve outcomes, demonstrate impartiality, and reduce compliance and audit overhead.

Frederic Veron, Principal, Ernst & Young

Frederic Veron is a senior executive at EY with extensive experience in the financial services technology industry, most recently in CIO/CTO roles at Fannie Mae and Deutsche Bank. He will define technology resilience and discuss how to measure it. Frederic will uncover a blind spot overlooked by enterprise IT leaders, auditors, and regulators. He will emphasize code quality and its impact on resilience.

Download presentation

David Norton, Advisory Board Member, CISQ

David Norton is an advisor to CISQ, an industry body that develops and promotes standards for software quality measurement across industries. The standards are used in software development and maintenance and in contracts with suppliers as requirements for code delivery. David will explain how to use standards in contracts and service level agreements (SLAs) to reduce risk and cost. He will share sample contract language and best practices for working with suppliers to deliver trustworthy software and software-intensive systems.  

Download presentation


Objectives for attendees

  • Clearly understand the risk enterprises are facing from increasing IT complexity and mission criticality
  • Learn how to engage auditors not with hindsight but with foresight to mitigate IT risk
  • Learn how to use software quality standards with suppliers for the development of new solutions and the maintenance and support of existing systems
  • From a regulatory perspective, hear what industry can do to put its own house in order to stave off greater regulation

About CISQ

The Consortium for Information & Software Quality™ (CISQ™) is an IT industry leadership group that develops international standards to automate software quality measurement, and its members promote the development and sustainment of secure, reliable, and trustworthy software. Through the work of CISQ, industry-supported standards have been developed to measure software size, structural quality, and technical debt from source code. These standards are used by IT organizations, IT service providers, and software vendors in contracting, developing, testing, accepting, and deploying software applications. www.it-cisq.org

About QA Financial

QA Financial is an independent information, research and events company. Our content is focused on how financial firms are managing and improving the quality of their software. www.qa-financial.com


CISQ Sponsors





Northrop Grumman

Tech Mahindra