IT Governance Crucial for Bank’s Success
=====================================================
The Bangko Sentral (BS) has emphasized the importance of effective IT governance in banks to ensure the success of their business and financial institutions (BSFIs). In a recent statement, the BS highlighted the need for BSFIs to establish a robust IT governance framework that aligns with their business strategy.
ITSC: The Heart of IT Governance
At the heart of this framework is the IT Strategic Committee (ITSC), which should be ratified by the board to clearly define its roles and responsibilities. The ITSC should provide regular updates on IT performance, major projects, and significant issues to enable informed decision-making by the board.
Head of IT: The Key Player
BSFIs should designate a full-time head of IT or equivalent rank to oversee key IT initiatives and ensure the effective delivery of IT services to business units. This individual should report directly to the president or CEO and be responsible for managing the IT budget, performance management, IT acquisition oversight, professional development, and training.
Key Responsibilities
- Manage IT budget
- Oversee performance management
- Ensure effective delivery of IT services
- Report directly to the president or CEO
Clear Roles and Responsibilities
To reduce the risk of compromise, BSFIs should document clear roles and responsibilities for individual IT functions and ensure proper segregation of duties. In cases where it is difficult to segregate certain control responsibilities, adequate compensating controls should be put in place.
Segregation of Duties
- Document clear roles and responsibilities
- Ensure proper segregation of duties
- Implement compensating controls when necessary
IT Policies and Procedures
BSFIs should adopt and enforce well-defined IT policies and procedures that are frequently communicated to establish and delineate duties and responsibilities. The ITSC should review these policies at least annually, with any updates or changes clearly documented and approved.
IT Policy Review
- Review IT policies at least annually
- Document updates or changes
- Obtain approval from the ITSC
IT Audit: An Independent Assessment
Audit plays a critical role in IT governance by performing an independent assessment of technology risk management processes and controls. BSFIs should establish effective audit programs that cover IT risk exposures throughout the organization, promote sound IT controls, and ensure timely resolution of audit deficiencies.
IT Audit Program
- Establish effective audit program
- Cover IT risk exposures throughout the organization
- Promote sound IT controls
- Ensure timely resolution of audit deficiencies
Staff Competence and Training
To remain competent and meet the required level of expertise, BSFIs should have an effective IT human resources management plan in place. This includes allocating sufficient resources to hire and train employees, ensuring staffing levels are sufficient to handle present and expected work demands, and providing for smooth transitions in key positions.
Staff Competence
- Allocate sufficient resources for hiring and training
- Ensure staffing levels meet present and expected demands
- Provide for smooth transitions in key positions
Management Information Systems (MIS)
BSFIs’ IT organizations provide critical support for their MIS, which generates accurate and timely reports essential for prudent business decisions. To ensure the integrity of this information, management should establish appropriate control procedures to protect it from inaccuracies or unauthorized access.
Control Procedures
- Establish control procedures
- Protect MIS data from inaccuracies or unauthorized access
- Ensure accurate and timely reporting
IT Risk Management Function
Effective IT governance requires a robust risk management function that identifies, measures, monitors, and controls IT risks on a periodic basis. BSFIs should define and assign these critical roles to a risk management unit or group of persons from different units.
IT Risk Management
- Identify, measure, monitor, and control IT risks
- Define and assign critical roles
- Ensure periodic reviews and updates
By implementing these best practices, BSFIs can ensure the success of their business and financial institutions by establishing a robust IT governance framework that aligns with their business strategy.