IT Governance in Networked Banking Environment
Today, it’s impossible to even think of a bank that runs without IT applications. As per industry estimates, almost 90% of any bank’s technology budget is spent on maintaining legacy applications.
The ability and reach of IT have enabled banks to overcome geographical limitations and rising transaction volumes. Backend processes that were historically manual are benefiting equally from IT interventions. This only means that corporate governance today leans strongly on IT.
In India, IT governance in banking has assumed deep significance and one can now see a majority of customer processes being automated, especially with the advent of new payment systems.
Effective governance can increase accountability, provide quantifiable criteria, and improve planning for a bank’s IT functions, but beyond these, it advances the ability of IT to support the bank’s strategy and deliver value.
The following table lists the IT governance objectives as per their priority in percentage terms set by some major financial institutions across the globe.
However, IT governance comes with a slew of risks, and the distinctions among them are blurred by the merging of people, processes, and technology. This can have a serious impact on operational effectiveness. In banking today, more systems, applications, and services are exposed to the customer through self-service channels, which have a direct bearing on customer experience. They can create significant opportunities but also increase the risk of poor performance. Thus, the quality of IT governance has become an important tool for managing risk and marketplace effectiveness.
There is a need for security governance within banks, which entails building a robust framework and laying down a comprehensive information security policy. It also involves creating a data loss prevention framework for minimizing data breaches.
MODEL TO ASSESS IT GOVERNANCE IN BANKS
IT governance is now used as a tool for business transformation. Five metric models can be used to assess the effectiveness of IT governance in any financial institution.
Following are the metrics (COBIT Framework):
- Strategic Alignment: This requires the involvement of all stakeholders to ensure that IT strategy is linked to business strategy and is directed towards balancing investments and making appropriate use of IT resources.
- Value Delivery: This deals with making sure that IT delivers, across the value chain, the value that was identified at the start of any governance project.
- Performance Delivery: In this, the business value obtained from IT is quantified to understand the return on investment.
- Risk Management: A separate IT governance model can be proposed around risk management as it’s the most important pillar of any IT governance initiative.
- IT Governance Model Based On Integration of Risk Functions: This model is based on the idea that control functions operating within banks can be integrated to assess IT Governance.
As per Basel norms, there are three mandatory control functions in banks: risk control, compliance, and internal audit. Risk control is accountable for monitoring and analysis of risk, and for participation in the design, implementation, and oversight of risk management models. Compliance is concerned with identifying and assessing compliance risk and assessing the impact of changing regulations. Internal audit examines and evaluates whole business processes and control mechanisms. All three functions are distinct organizational units, and their purpose is to ensure that the bank’s business activities are performed appropriately.
Following are some of the areas falling under various control functions that need to be evaluated for assessing IT governance.
- Information and IT risk management.
- Physical and logical access control.
- Information Security asset.
- Operational and system files.
- Password security.
- Configuration management.
- Change management.
- Business continuity management.
- Disaster recovery.
KEY PRACTICES FOR EFFECTIVE GOVERNANCE
For a financial institution to benefit from IT governance, some of the practices which they can employ are detailed below:
- Risk Management Collaboration – It deals with the collaboration between business and IT to develop an overall approach to IT risk management.
- Unambiguous project metrics – Laying down all the project metrics right at the start such as efficiency improvement and how to drive revenue.
- Preventing data loss – Data loss prevention (DLP) helps to detect and prevent confidential data from being “leaked” out of an organization’s boundaries for unauthorized use.
- Process-driven environment – The organization will need proper documentation for all its processes and the use of various process improvement tools such as Six Sigma and lean practices.
- Restructuring approach and abiding – Redefining the IT governance structure as per company culture. It can be decentralized or centralized as per operational extent, and IT governance should be made a strategic component of overall corporate strategy.
- Asset management – This involves making appropriate use of all the resources while aligning them to various business needs.
- Measuring customer satisfaction – Employing feedback and surveys to understand customer satisfaction.
- Effective communication – Building an effective communication culture within the IT organization.
With apparent benefits accruing from IT governance, such as reduced costs, reduced exposure to legal risk, and improved performance, developing and implementing an Information Governance Framework (IGF) is of paramount importance for any banking institution.