Banking ICT Governance Framework

A thesis submitted in partial fulfilment of the requirements of Kingston University for the degree of MSc in IT & Strategic Innovation

Fedaa Abdullah

on 12 October 2012

Feda Abdallah
A thesis submitted in partial fulfilment of Kingston University requirements for the degree of MSc in IT & Strategic Innovation. It aims at designing an ICT governance framework that is tailored to satisfy banking-sector requirements.

Banking ICT Governance Framework

IT employment in the banking sector results in more exposure to different types of operational risks (Paul, 1997).

Banks are a critical component of the overall economy, and they affect the stability of countries’ financial situation (Paul, 1997).

Legal compliance requirements for information technology governance, such as the US Sarbanes-Oxley Act of 2002 (IT Governance Institute, 2006) and the PCAOB Auditing Standard (Public Company Accounting Oversight Board, 2003).

Increased demand on organizations to implement certain internal control frameworks that ensure the management of risks associated with IT employment (Kaarst-Brown and Kelly, 2005).

Why to use ICT Governance for Banking?

The purpose of this paper is to design a banking ICT governance framework (BICTGF) that satisfies the following:

Answering the related compliance requirements
Mitigating operational risks as a main component of risk management
Including ICT management in the corporate governance responsibilities of the boards to increase its return on investment

Project Aim

(Diagram of the project phases: Requirements Elicitation, BICTGF Design, BICTGF Evaluation & Critical Analysis)
The methodology followed is ‘Action Research’.

The resources of this project vary:
the personal experience of the researcher in the banking industry;

publications such as conference papers, implementation guides, white papers published by related parties, and journal and magazine articles;

a survey for the evaluation of the BICTGF.

Methodology and Project Phases

(Diagram, after IT Governance Institute, 2007a: BICTGF Requirement Elicitation, covering environment requirements, ICT-related requirements and industrial practice (faced problems), with analysis and evaluation of existing frameworks; BICTGF Design; BICTGF Evaluation & Critical Analysis, covering the survey, pros & cons and future work)

Environment Analysis

ICT Governance is a framework that defines the processes, standards and controls with which the corporation’s intellectual capital, information and systems are ensured to support and enable the business to achieve its goals (Weill and Ross, 2004).

ICT Governance Expected Role (Basel Committee on Banking Supervision, 2004):

Answering compliance requirements,
Risk management,
Supporting the corporate governance function.

More specifically, two levels of preparation (IT Governance Institute, 2007a):
Integrating the Basel requirements and the COSO ERM framework to elicit the areas that ICT governance has to cover, in a way aligned to the COSO ERM framework
Translating the integration results into ICT governance guidelines

(Diagram after IT Governance Institute, 2007a)

Environment requirements can be summarized as follows.

IT Related Requirements

Focusing on the technical side of ICT without enough consideration of its role in business

Focusing on formalization and structuralism which affected the flexibility of the framework

Using general models that are not specifically tuned for each industry needs and business models

Poor communication amongst all Stakeholders

Separating IT management from business management

Industry Best Practices and Usually Faced Problems (IT Governance Institute, 2003)

(Slides: ICT Governance Objectives; Industry Best Practices and Usually Faced Problems; Existing ICT Governance Frameworks Analysis; BICTGF; Survey Questions; Survey Results)

Pros & Cons:
Requires training
Needs an implementation plan
Requires customization
Industry-specific framework
Solid base of regulatory requirements and definitions
Uses existing frameworks
Bridges the gap between the technical and business sides
Aligned with the GRC environment

Conclusion & Future Work
The main improvement steps can be summarized as follows. First of all, to improve the practical side of the BICTGF, an implementation plan has to be prepared showing the following aspects:

• Number of staff needed for the implementation and their professions
• Timeline
• Other resources

In addition to that, it is important to arrange a training plan as well as a change management strategy to support the implementation phase of the suggested governance framework. Finally, it is important to seek the support of big IT consultants in the market to adopt this project and help in building upon it and implementing it, or parts of it, in the real business world.

Future Work & Recommendation

This project introduced the banking ICT governance framework (BICTGF). The BICTGF presents a comprehensive methodology to achieve ICT governance as a critical component of corporate governance within the bank’s GRC environment.

BICTGF does not aim only at including ICT-related aspects in strategic-level management, as the governance role implies, but also aims to translate these strategic decisions into technical requirements that can be smoothly and effectively communicated throughout the whole managerial chain, starting with the boards and ending with IT clerks.

This framework, as well as the main concepts related to it, was evaluated through a survey that targeted ICT governance experts and IT practitioners (shown in chapter 9); the results of that survey positively supported the BICTGF main concepts and roles.

Nevertheless, it is recommended to develop certain aspects related to the implementation phase, such as preparing an implementation plan, a training plan and a change management strategy, to improve the practical aspects of BICTGF.

Conclusion

Basel Committee on Banking Supervision (2004) Basel II: International Convergence of Capital Measurement and Capital Standards, a Revised Framework. Bank for International Settlements. Available at: http://www.bis.org/publ/bcbs107.htm (Accessed: 17/Sep/2012).

Calder, A. (2008) Corporate Governance: A Practical Guide to the Legal Frameworks and International Codes of Practice. London: Kogan Page.

Feltus, C., Petit, M. and Ataya, G. (2008) ‘Definition and Validation of a Business IT Alignment Method for Enterprise Governance Improvement in the Context of Processes Based Organizations’, Corporate Governance of IT, Vol. 1 No. 1. Wellington, New Zealand.

Hart, O. (1995) ‘Corporate Governance: Some Theory and Implications’, The Economic Journal, 105 (430), p. 678.

IT Governance Institute (2007a) IT Control Objectives for Basel II. USA: ISACA.

IT Governance Institute (2006) IT Control Objectives for Sarbanes-Oxley, 2nd Edition. USA: ISACA.

IT Governance Institute (2003) Board Briefing for IT Governance, 2nd Edition. Information Systems Audit and Control Association. Available at: http://wikimp.mp.go.gov.br/twiki/pub/EstruturaOrganica/AreaMeio/Superintendencias/SINFO/Estrategia/BibliotecaVirtual/MaterialExtra/26904_Board_Briefing_final.pdf (Accessed: 17/Sep/2012).

Kaarst-Brown, M. L. and Kelly, S. (2005) ‘IT Governance and Sarbanes-Oxley: The Latest Sales Pitch or Real Challenges for the IT Function?’, Proceedings of the 38th Annual Hawaii International Conference on System Sciences (HICSS ’05), 03-06 Jan. 2005, p. 236a.

Paul, T. (1997) ‘IT failure the biggest risk (information technology) (FBSA 50th Anniversary: International Banking in London)’, The Banker, Vol. 147 No. 862, p. 44.

Weill, P. and Ross, J. (2004) IT Governance: How Top Performers Manage IT Decision Rights for Superior Results. Harvard Business School Press.

References

(Diagram after IT Governance Institute, 2007a; diagram after IT Governance Institute, 2003 and IT Governance Institute, 2007a)

Stakeholders of BICTGF are defined as:
- everyone who is related to a certain system, whether they are using it to deliver or to get a service;
- everyone who is directly or indirectly affected by it.

Boards, senior management, executives, directors, employees (IT and non-IT), internal auditors and customers are all considered to be stakeholders (IT Governance Institute, 2003).

Responsibility Model

How does BICTGF achieve the ICT banking requirements and address the usually faced problems? To improve the quality of the BICTGF and to help in avoiding the usually faced problems, this paper adopted:

1- Integration Technique
2- Technical Dimension
3- Stakeholders and Responsibility Model
4- Communication

The 5 Main Objectives (diagram after Feltus, Petit and Ataya, 2008)

In this presentation we are going to discuss:
1- The Research Motivation
2- Project Objectives
3- The Main Project Phases
5- The Proposed Framework Evaluation
6- Recommendation & Conclusion

Introduction

Corporate governance is defined as the combination of legal and non-legal frameworks that enables the board of directors to exercise their duties in a way that protects shareholders’ rights and holds directors accountable for their actions and decisions (Hart, 1995).

It is based on the concept that a corporation is a legal entity with a legal personality that is separate from its shareholders’ personalities (Calder, 2008). The governance environment can be described by the GRC (“Governance, Risk Management and Compliance”) concept: an integrated environment that draws a high-level map to ensure best corporate governance. It addresses ICT risk and governance by addressing operational risks, which are a part of the overall risks within an organisation (IT Governance Institute, 2007a).
