IT Governance within Financial Institutions - PowerPoint PPT Presentation

About This Presentation
Title:

IT Governance within Financial Institutions

Description:

CARTAC & Caribbean Group of Banking Supervisors. IT Workshop for Regional Bank ... High profile collapse (e.g. Enron, Arthur Anderson, WorldCom, AIB, HSBC, etc. ... – PowerPoint PPT presentation

1
IT Governance within Financial Institutions
CARTAC & Caribbean Group of Banking Supervisors
IT Workshop for Regional Bank Examiners
June 23-25, 2009, Georgetown, Guyana
  • Kirk Tyrell, CISA
  • Assistant Director
  • Financial Institutions Supervisory Division
  • Bank of Jamaica
  • www.boj.org.jm

2
Topics
  • What does IT Governance involve?
  • Why is IT Governance important?
  • What you must know about IT Governance
  • Supervisory expectations for IT Governance

3
What is IT Governance?
  • is a subset discipline of Corporate Governance
    focused on information technology (IT) systems
    and their performance and risk management.
    (source: www.wikipedia.com)


4
What is IT Governance?
  • the leadership and organizational structures
    and processes that ensure that the organization's
    IT sustains and extends the organization's
    strategies and objectives. (source: www.ITGI.org)

5
Problems With IT Governance
  • Is IT governance different from IT management and
    IT controls? Why the confusion?
  • Does IT confer strategic advantage?
  • Are all the detailed process controls necessary?

6
Why the Increased Focus on IT Governance?
  • High-profile collapses (e.g. Enron, Arthur
    Andersen, WorldCom, AIB, HSBC, etc.)
  • Maintaining (or Recapturing) public confidence
    and trust
  • Anchor for effective risk management


7
Why the Increased Focus on IT Governance?
  • Respond to calls for greater transparency and
    closer oversight
  • Prevent similar problems from happening again
  • Board and executive management awareness of the
    challenges facing IT management
  • Sarbanes-Oxley and Basel II in Europe


8
Why the Increased Focus on IT Governance?
  • "effective corporate governance is essential to
    maintaining public trust and confidence in the
    banking sector, and provides a crucial anchor for
    sound risk management practices." (Mr Jaime
    Caruana, Chairman of the Basel Committee and
    Governor of the Bank of Spain)

9
IT Governance Goals
  • Provide assurance that the investments in IT
    generate business value
  • Establish structures and controls to mitigate the
    risks that are associated with IT
  • A proactive and holistic approach to talent
    management within IT

10
IT Governance Frameworks
  • Enhancing Corporate Governance for Banking
    Organizations (BIS)
  • The IT Infrastructure Library (ITIL)
  • Control Objectives for Information and related
    Technology (COBIT)
  • The ISO/IEC 27001 (ISO 27001)


11
IT Governance Frameworks
  • ISO/IEC 38500:2008 Corporate Governance of
    Information Technology
  • Others:
    • The IT Baseline Protection Catalogs, or
      IT-Grundschutz Catalogs ("IT Baseline Protection
      Manual" before 2005)
    • The Information Security Management Maturity
      Model (ISM3)
    • AS8015-2005 Australian Standard for Corporate
      Governance of Information and Communication
      Technology


12
Non-IT Specific Frameworks
  • The Balanced Scorecard (BSC): a method to assess
    an organization's performance in many different
    areas
  • Six Sigma: a focus on quality assurance

13
Sub-Domains of IT Governance
  • Regulatory compliance
  • Information governance and information security
  • IT Service Management
  • Project governance
  • Risk management


14
Sub-Domains of IT Governance
  • Knowledge Management, including Intellectual
    Capital
  • Business continuity and disaster recovery

15
Components of IT Governance Cycle
16
IT Governance Domain (COBIT)
17
IT Governance Domain (COBIT)
18
Domain 1 Strategic Alignment
  • Achievement of IT alignment requires:
    • Leadership and commitment from the highest levels
    • Proactive engagement

19
Domain 1 Strategic Alignment
  • The board should take responsibility for:
    • Ensuring that IT strategy is aligned with
      business strategy
    • Ensuring that IT delivers against the strategy
    • Directing IT strategy to balance investments

20
Domain 1 Strategic Alignment
  • Making informed decisions about the focus and
    priority for the use of IT resources
  • Ensuring that appropriate IT and related business
    resources are available

21
Domain 1 Strategic Alignment
[Figure: IT alignment model with the labels "the right things are chosen in the first place", "derive maximum benefits", "things being done the right way" and "things being done well"]
  • There is a strong argument that ultimate
    responsibility for IT strategy setting and
    implementation should rest with the business
    leadership.
22
Domain 1 Strategic Alignment
  • Internal bodies in the form of:
    • IT Investment Committee
    • IT Policy Committee
    • IT Steering Committee
    • IT Strategy Committee

23
Domain 1 Strategic Alignment
24
Domain 1 Strategic Alignment
  • Examiners' Expectations:
    • Duties of IT Strategy and IT Steering Committees
      are defined in a formal charter
    • Ensure that the financial institution is paying
      attention to the importance of IT strategic
      planning and its alignment with business
      objectives

25
IT Governance Domain (COBIT)
26
Domain 2 Value Delivery
  • Essential components:
    • IT governance overall is about delivering value
      and managing risk
    • Value delivery, which embodies the concept of
      risk-related returns
    • Value delivery is not possible without strategic
      alignment and resource management

27
Domain 2 Value Delivery
  • It is impossible to provide transparency of
    success or failure without performance measurement

28
Domain 2 Value Delivery
  • Value delivery is about executing the value
    proposition throughout the delivery cycle,
    ensuring that IT delivers the promised benefits
    against the strategy, concentrating on optimizing
    costs and proving the intrinsic value of IT
    (source: ITGI)

29
Domain 2 Value Delivery
  • Key Board responsibilities:
    • Ensure that stakeholder value is obtained
    • Allocation of resources

30
Domain 2 Value Delivery
  • A study carried out within the global financial
    services group ING indicates that IT-related
    business investments have the potential to
    deliver far greater returns than almost any other
    conventional investment. (source: ITGI, 2008)

31
Domain 2 Value Delivery
  • IT-related spending or investment:
    • Run the business
    • Grow the business
    • Transform the business
    (source: The META Group)
32
Domain 2 Value Delivery
  • Key components of an IT investment approval
    process include:
    • Preparation of a comprehensive business case
      based upon a consistent corporate standard and
      agreed assumptions (e.g. tax rates and inflation
      rates)
    • Establishment of an approval board or committee

33
Domain 2 Value Delivery
  • Consideration of key financial metrics (e.g. NPV,
    IRR and payback period, etc.)
  • Provision for proper accountability for the
    delivery of results
  • Definition of appropriate hurdle rates for IT
    investments

34
Domain 2 Value Delivery
  • Providing assurance that:
    • proper project management processes will be
      followed,
    • all parts of the business will be affected by the
      outcome, and
    • resources necessary to maximize the chances of
      success will be committed
  • Increase the capability maturity model (CMM) level
    for systems development and implementation

35
Domain 2 Value Delivery
  • Realizing the Benefits:
    • The clarity and precision of anticipated benefits
    • Ongoing tracking of the actual benefits achieved
    • Ensure appropriate accountability

36
Domain 2 Value Delivery
  • Examiners' Expectations:
    • Board monitors IT delivery against the strategy
      through clear expectations and measurement
    • Management sets baselines for measuring capacity
      and growth planning and service improvement, and
      utilizes industry standards and benchmarking
    • Operations management measures and reports on
      budget achievement

37
IT Governance Domain (COBIT)
38
Domain 3 Performance Delivery
  • Demonstrates the effectiveness and added business
    value of IT
  • Getting business value from IT and measuring that
    value are important governance domains

39
Domain 3 Performance Delivery
  • IT performance management is aimed at:
    • identifying and quantifying IT costs and IT
      benefits
  • Limitations of traditional quantifiable
    performance measures (financial terms) such as
    ROI, NPV, IRR and the payback method
  • Overcome the limitations of measuring
    unquantifiable values, i.e. the IT balanced
    scorecard

40
Domain 3 Performance Delivery
  • The Balanced Scorecard (BSC) is a performance
    management tool which began as a concept for
    measuring whether the smaller-scale operational
    activities of a company are aligned with its
    larger-scale objectives in terms of vision and
    strategy

41
Domain 3 Performance Delivery
  • By focusing not only on financial outcomes but
    also on the operational, marketing and
    developmental inputs to these, the BSC helps
    provide a more comprehensive view of a business,
    which in turn helps organizations act in their
    best long-term interests (source: Wikipedia)

42
Domain 3 Performance Delivery
43
IT Governance Domain (COBIT)
44
Domain 4 Risk Management
  • Requires:
    • Risk awareness by senior corporate officers
    • A clear understanding of the financial
      institution's appetite for risk
    • Understanding of compliance requirements
    • Transparency about the significant risks to the
      enterprise
    • Embedding of risk management responsibilities
      into the organization

45
IT Governance Domain (COBIT)
46
Domain 5 Resource Management
  • Optimal investment in, and the proper management
    of, critical IT resources (i.e. applications,
    information, infrastructure and people)
  • Key issues relate to the optimization of
    knowledge and infrastructure

47
Examiners' Responsibilities
  • Review:
    • IT strategies, plans and budgets
    • Security policy documentation
    • Organizational charts
    • Job descriptions
    • Steering committee reports
    • Change management procedures


48
Examiners' Responsibilities
    • Operations reports and procedures
    • Quality assurance procedures
  • ...noting exceptions and absence of documentation


49
Examiners' Responsibilities
  • Reviewing contractual commitments:
    • Development of contractual requirements
    • Contract bidding process
    • Contract selection process
    • Contract acceptance, maintenance and compliance

50
Lessons Learnt
  • Each financial institution should have an IT
    Steering Committee with requisite board and
    management involvement
  • The board and management should ensure that
    policies and procedures are reviewed periodically
    for relevance
  • Financial institutions should adopt applicable
    industry best practices and rules to guide IT
    management.

51
Questions?
52
Additional Resources
  • Executive Summary, COBIT v3.0 and COBIT v4.1
    Retrieved from http://en.wikipedia.org/wiki/COBIT
  • ITIL for service delivery
  • CMM for solution delivery
  • ISO 17799 for information security
  • PMBOK or PRINCE2 for project management