IT governance is critical for reducing risk

The banking sector plays a crucial role in the economic functioning of any country, acting as an intermediary for funds between deposited funds and activities that support enterprise and drive economic growth.

As the core business of banking relies on technology, effective corporate governance is critical to the proper functioning of the banking sector and the economy as a whole. The majority of banking processes are heavily dependent on technology, and if not effectively governed, business continuity and availability of services is put at risk. The repercussions of such issues could transmit across the entire banking sector and the local economy. IT governance is therefore critical in reducing risk, ensuring availability, and maintaining economic stability.

The benefits of IT governance

IT governance is essential for many reasons, chiefly managing risk across areas including business continuity, availability of services, information security, integrity of information and effective capacity planning. Without the right measures in place, banks could lose customers, leak confidential information, and have a reputational disaster on their hands. IT governance is also a compliance requirement, both internally with the policies of many banks, as well as externally regarding legislation such as Basel III and the Financial Intelligence Centre Act (FICA). Aside from the risk of ineffective IT governance, however, it also offers a number of benefits and can potentially add significant value for banking organisations.

One of the most significant benefits of IT governance is that it helps to align IT and business strategy, ensuring that IT delivers solutions that will benefit the bank as a business and support strategic imperatives. In addition, it enables more effective management of IT investment, ensuring that only those ventures that will add real value are pursued. IT governance supports more efficient and effective IT services, which in turn ensures a more efficient organisation as a whole. It also enables banking organisations to become more forward-looking in terms of technology planning, delivering a managed approach that ensures banks can take advantage of emerging technologies in a structured way that manages the risk.

Further to this, more strategic IT planning enables banks to gain a longer-term view of their IT investment to become more proactive in meeting customer and banking needs. Other benefits include an enhanced corporate image and more efficient business processes, as they run on IT services. Risk is only one side of the picture when it comes to IT governance.

The role of Service Management

IT governance in banking is guided using the COBIT 5 framework, which specifies a number of information related processes that need to be put into place. This includes application development, monitoring, IT strategy and others, as well as IT service management. It is essential, while tackling IT governance, to also ensure that customer-facing processes are optimised and that customers are provided with the solutions and IT services they require.

Without IT Service Management (ITSM), IT governance is not possible. However, while attempting to address the need for ITSM, many banking organisations have embarked on initiatives to “implement ITIL”. The challenge here is that ITIL is not a solution, but a framework, like COBIT, that is used to improve processes. ITIL helps organisations to achieve effective ITSM. ITIL can, however, be adopted as a best practice framework to change the bank’s way of working, which will bring it more in line with ITSM and continual service improvement.

Process improvement, driven by frameworks like COBIT and ITIL, is the first step in adopting a service-oriented approach to IT. However, it cannot be successful if the culture of the organisation does not support it. ITSM is not simply a set of processes that are designed, but is driven by culture and attitude within the enterprise. As a result, it needs to be driven from an executive level as a business imperative, with a sense of ownership and accountability. Buy-in from the top level is critical to ensure processes support the business and can be implemented in such a way as to drive value.

The right tools for the job

Solutions are available to support the deployment of ITSM within an organisation, and there are several characteristics that such tools should incorporate:

• Simple, cost effective and relatively easy to implement;
• Adaptable to changing circumstances and processes;
• Supports the integration of processes;
• Out of the box ITIL functionality and process support;
• The ability to customise processes when necessary;
• Essential reporting including standardised reports and support for custom report development to ensure on-going relevance;
• Instant access to knowledge items, customer equipment, services and contract details;
• Automatic selection of the best support specialist or team;
• Automatic communications and notifications during service requests; and
• Automatic prioritisation, business impact and SLA management.

In addition to these criteria, ITSM tools also need to support a variety of related frameworks and standards, including ITIL, ISO/IEC 20000, ISO/IEC 27001, SOX, COBIT and others.

IT governance is essential for the banking sector for both managing IT related risk versus the reward one hopes to obtain. ITSM supports IT governance by providing frameworks and tools for the development of continual service improvement. This in turn it delivers additional benefits. These benefits include: improved customer satisfaction; better internal and external communication; and improved management of SLAs, OLAs and other contracts. It also ensures better control of IT assets, improved resource and cost management, and increased confidence in service delivery capability. Furthermore, ITSM is essential for both IT and corporate governance, as it provides the mechanisms necessary to demonstrate compliance with both internal and external standards as well as legislative requirements.

Edward Carbutt is the Executive Director and Delton Sylvester is an IT Governance Consultant at Marval Africa.

Read Previous

Prevention is better than cure

Read Next

When will we connect the dots?