Вы находитесь на странице: 1из 12

Name

Kasun Rajitha Mawella

Student ID :14852806
Assignment 2 of Information Technology Strategy and Policy
(408208)
Title: Strategic Plan of the adoption framework to Cloud based
computing system in to a banking environment

1 Introduction
Sampath bank is a prominent bank in Sri Lanka which offers all banking
services under one roof to customers in Sri Lanka as well as Sri Lankan expat
community working from abroad with the vision statement to become The
Growth force in Sri Lankan Finance Services. Recently the bank adopted
Cloud Based Computing system to provide more security, efficiency and
reliable services to its customers and, through this system they are hoping to
increase profitability for the bank in long run. After adopting the cloud base
system, the board of directors has identified several positive feedbacks from
both customers and employees and they have learned that this initiative
helped them to reduce the cost for the IT assets as well.
While the bank is operating perfectly, board of directors have suggested
aligning the cloud based system by adopting a frame work which can give
more control objectives and information. In order to perform this task,
Sampath bank has decided to take COBIT governance frame work into their
organization and with a primary research analysis it will align company all
resources in appropriate manner.
According to the ISACA IT governance is the responsibility of the directors of
the board and higher management and it also a part of governance
enterprise. IT governance consists of the leadership, structure of an
organization and the process to make sure that IT sustain and extends to
meet organization objectives.(Haes & Gremberge, n.d).

Name
:

Kasun Rajitha Mawella

Student ID :14852806

2 Governance impact on banking environment


Banks can be categorized as local banks and International Banks.
International banks are financial entities which offer their services to global
clientele while local banks are more into giving their services to a particular
geographical area. People, process and technology are taken into
consideration, and by utilizing those factors can reduce the operational line.
In today systems, application and services are more integrated with
customer directly by automated systems and it gives direct feedback on
customer experience. This may also lead to higher risk and low performance
while opening up high level opportunities (Nelsestuen, 2013). This view point
is supported by (Sinha, 2012) and it proves the requirement of IT governance
practice to banking environment as well.
IT governance provides,

Align functions to organization for more benefits (Litchfield, 2014a).


o Take the feedbacks on IT and negotiate on IT resource plans
which bank has made to ensure business balance.
o IT framework on bank will evaluate, Prioritize and allocate the
available resource on service requests.
o IT helps to build relationship with management and the executive
staff in the bank.
It enables
more opportunities to banks and maximizes
benefits(Litchfield, 2014a).
o IT will identify the opportunities in the business and what need to
be done to make profit and to make customer satisfy including
the strategies in business, key success factors and objectives
and goals within the organization.
o IT in the bank will constantly effect to the development process
of the bank to meet bank objectives.

Name
:

Kasun Rajitha Mawella

Student ID :14852806

It allocates resources and perform risk management(Litchfield,


2014a).
o IT governance will perform Information security risk and
operational risk of the bank.
o Discover the IT asset in the bank and apply for the disaster
recovery plan.
o IT will track and monitor the implementation, success of the
project and usage of the resource to provide higher efficiency.

Figure 2.1 IT Governance Process (Litchfield, 2014a)

The main focus on IT governance is the responsibilities on board of directors


and the senior management in order to control creation and the
implementation of IT strategy within the organization to make sure the
alignment of IT and the business. To identify the matrices which are running
within the organization to measure business value of IT and to manage risk
in and effective and efficient way (Lackovi, 2013).
When considering the new model for IT governance, it has to be effective to
the organization and it has to be influences to overall business performance.
3

Name
:

Kasun Rajitha Mawella

Student ID :14852806
Below model based on the control functions which can use within the bank
and with the contribution of IT governance it can be improved. (Lackovi,
2013) also support the fact and Croatian National Bank also adopted new
model and showed performance on their operational level. In order to
achieve this below IT component has to be in the Sampath bank system.
1) Information System safety.
2) IT risk management and recover plans.
3) Access control management in physical and logical ways.
4) Asset management on Information system.
5) Operational and system files management.
6) Backup and recovery management.
7) Assets and supplier management.
8) Safety management.
9) Security management.
10)
IT configuration management.
11)
Disaster recovery management.

Figure 2 - Scope of IT governance and measurements (Milne &


Bowles, 2009)

Name
:

Kasun Rajitha Mawella

Student ID :14852806
When considering the scope of IT governance, there should be a way to
measure the facts that has been studied and Figure 2 shows the components
that should be addressed.
Strategic Alignment

Understanding the requirement of the business

Sampath bank has been served for Sri Lankan community for more than 20
years with guaranteed customer satisfaction along with achieving healthy
profit margins and to become a house hold name for banking needs for any
Sri Lankan.

Develop IT strategy and objectives

By adopting a cloud base environment system to current bank system and to


provide the most of the banking needs for customers.

Resource allocation

Sampath bank has financial capital as well has human capital to adopt the
cloud base environment and by utilizing every resource more efficiently the
bank can manage the resource without wasting.

Demand Management

Once the cloud base system has been implemented, the demand for system
requirement might increase day by day. Therefore by monitoring the system
for frequently and predicting future requirements and taking necessary
actions can call as demand management.

Communication

In a bank communication take place high priority and by having IT into


environment can facilitate the business communication.
Value Delivery

Identify the Project and service value drivers

Name
:

Kasun Rajitha Mawella

Student ID :14852806
By monitoring the system frequently, the bank can identify the benefits that
bank receive in return and to know the procedure is healthy for a bank and
that can be done by the use of value governance, portfolio management and
investment management parameters.
Performance Management
Surveys are the best way to check the banks performance and surveys can
be done with all stake holders. Process improvements can be achieved after
considering the data extracted from surveys. So a survey always helps to
make management decisions more effectively and welcoming thoughts from
stake holders and passing them to relevant departments can always improve
the customer centric nature of the business.
Resource management
To achieve profit margins bank should manage their human resources as well
as other tangible and intangible resources. Adopting a cloud base banking
system is a good way of resource management because storing and
extracting data from a cloud system means less paper work and more
security. This cuts significant amount of bank expenditure on resources.

Risk Management
System stability, security, efficacy are coming under the same category
when consider the risk of the system, also technical team has to consider the
downtime of the system and has to manage that as soon as possible to make
sure all functions are working properly. This can be achieved by having
disaster recovery management plan like backup all information and data to
another cloud or server.

3 Frame work adoption to banking system

Name
:

Kasun Rajitha Mawella

Student ID :14852806
According to ISACA, 'Central bank of republic of Armenia' also saw the
importance of the IT and they also decided to go for COBIT frame work and
through that bank has globally accepted good experience from IT
governance from all organizations which can use to ensure that their IT is
helping to banking system to achieve management goals and objectives. The
board of directors chooses COBIT as their frame work after the conducting
global research and found that COBIT was well known and globally respected
(ISACA, n.d-a). This point of view supported by (ISACA, n.d-b) and realized
the use of COBIT will provide much and more extra benefits, including more
controlled IT sectors which can be combined with business processes.

Sampath bank intends to follow IT governance implementation with below


phases,

Phase
Phase
Phase
Phase
Phase

1
2
3
4
5

Collect information.
Planning and organization information.
Implementation with respect to requirement.
Delivery on time.
Monitoring afterwards.

Figure 3.3 COBIT Frame work (Litchfield, 2014b)

Name
:

Kasun Rajitha Mawella

Student ID :14852806

The process of the COBIT Implementation is to ensure security, operation,


business consulting and application development and support the units
which are in IT department. Then the Bank IT team will conduct the analyzing
and risk factors that can be face in further. COBIT implementation in Sampth
Bank will be start by identifying the tangible and intangible IT asset in the
company then owners will be determined. Then COBIT analyzing will perform
to get the idea about existing controls and objectives. As in final phase,
action plan will apply to find redundant controls and redesign same existing
with the bank (ISACA, n.d-b).
Sampth Bank is local bank which is established on 1986 in Sri Lanka to
provide all banking function to customers. The main objectives in bank are to
bring fast and secure banking system for customer as well as the employees.
Locally it has 216 branches and 316 ATM machines operating every day for
customers (Sampth Bank, n.d) . The board of directors has decided to use
Control Objectives for information and related technology (COBIT) to comply
the rules and regulation and requirements set by bank and also to take
additional benefits, including more IT controlled operation which can
integrated with business process. The goal of the bank is to by adopting

Name
:

Kasun Rajitha Mawella

Student ID :14852806
COBIT is to achieve higher performance level of IT processes, manage and
control IT risks.
The initial process of the COBIT implementation is on security, fast operation
and support units in the IT department. COBIT implementation has been
started by looking at the tangible and intangible asset on IT and the
responsible owners. After the identification of that, responsible employees
related to IT operation included in COBIT. COBIT GAP analysis was performed
after that to determined existing control. After COBIT objectives and analyzes
details sampath bank defined the required controls which have to be
developed to meet COBIT control requirements.
As in final process, action plan was defined to address control deficiencies
which identified by COBIT and remove the redundant controls and operation
and redesign same architecture with existing control to comply with COBIT
objectives. These specifications were prioritizes according to the risk level.
Project management, information security were developed as in new control
to ensure that existing controls were aligned with expected COBIT controls.
By implementing COBIT into sampath bank architecture COBIT have given
below results to make sure bank is in alignment.
COBIT ensured the IT process and design level support to business
objectives
With the implementation of COBIT, IT team prepared IT staregic and tactical
planning frameworks for senior management to align the business plans to
support business inorder to make profits.
Center management of IT
COBIT controls brought every IT activates in group units and through that
everything were organized successfully.
Developed controls and reduce risk to some level
With the policies and procedures in COBIT most of the IT risks were
minimized.

Name
:

Kasun Rajitha Mawella

Student ID :14852806

As in additional benefits the results by adopting COBIT is,

It changed the business process into much more controlled and


effective way.
Services level was improved, performances were improved and
through that COBIT gave well handle services to senior management
team.
Customer satisfaction was improved and measured.
Stakeholder visibility IT operation process has improved.
Problem management came much more efficient and risk management
was improved.

As in future plans, Sampath bank IT team will use COBIT to measure the
performance of IT process in the bank system and it will play a vital role for
effective IT governance. The Organizations goals are to measure
performance and keep track of performance based on how they deliver and
what kind of services they need to deliver. Key performance indicators (KPIs)
and Key goal indicator (KGIs) will choose each and every IT process in the
architecture. Senior management and IT relationship will perform the target
and matrices for IT process and it will be determined. After calculating all
analytical data performs on the system, continuous improvement will be
improved with the system (ISACA, n.d-b).

10

Name
:

Kasun Rajitha Mawella

Student ID :14852806

4 Conclusion
IT governance into banks is based on five main functions (namely Risk
Management, Resource Management, Performance Measurement, Value
Delivery and Strategic Alignment) and it enables banks to get more insight
into their IT governance by calculation the every analytical data. IT risk
management based on governance concepts and it has reputational risk.
Bank will get companywide access over own IT governance and the process
behind it will do the improvement to the system. By adopting IT governance
to banks can achieve long term sustainable growth and profit with maximum
customer satisfaction and minimum the risk and that can lead to more
financial stable organization and socially responsible towards to clients,
employees and stakeholders.
COBIT is not just another framework because it is a holistic business
framework which important for IT governance and management of the Bank.
With growing values of IT in organization and huge investments being made
for e-Business and e-Governance projects all the time and the e-way
becoming the highway for all main business processes, it is important that
everyone learns how to use COBIT to make sure that we become more
effective and efficient because it can contribute in our area of work to
facilitate achieving the Bank business goals.

11

Name
:

Kasun Rajitha Mawella

Student ID :14852806

5 Reference
Haes, S., & Gremberge, W. (n.d). IT Governance and Its Mechanisms
Retrieved Octomber 10, 2014, from http://www.isaca.org/Journal/PastIssues/2004/Volume-1/Pages/IT-Governance-and-Its-Mechanisms.aspx
ISACA. (n.d-a). COBIT Case Study: Central Bank of the Republic of Armenia
Retrieved Octomber 14, 2014, from http://www.isaca.org/KnowledgeCenter/cobit/Pages/Central-Bank-of-the-Republic-of-Armenia.aspx
ISACA. (n.d-b). COBIT Case Study: Kuwait Turk Retrieved 2014, from
http://www.isaca.org/Knowledge-Center/cobit/Pages/Kuwait-Turk.aspx
Lackovi, I. (2013). Model for IT Governance assessment in banks based on
integration of control functions. Retrieved Otcomber 12, 2014, from
http://www.toknowpress.net/ISBN/978-961-6914-02-4/papers/ML13275.pdf
Litchfield, A. (2014a). IT Governance : Part 1 [Course notes]. from Auckland
University of Technology AUTonline website: https://autonline.aut.ac.nz/
Litchfield, A. (2014b). IT Governance : Part 2 [Course notes]. from Auckland
University of Technology AUTonline website: https://autonline.aut.ac.nz/
Milne, K., & Bowles, A. (2009). How IT Governance Drives Improved
Performance
Retrieved
Otcomber
20,
2014,
from
http://www.isaca.org/Groups/Professional-English/governance-ofenterprise-it/GroupDocuments/ITPI_IT_Governance_summary_paper.pdf
Nelsestuen, R. (2013). IT Governance the Small and Mid-Sized Bank: Do You
Measure
Up?
Retrieved
Octomber
1,
2014,
from
https://www.executiveboard.com/blogs/it-governance-the-small-andmid-sized-bank-do-you-measure-up/
Sampth Bank. (n.d). Sampath Bank.
Retrieved Otcomber 22, 2014, from
http://www.sampath.lk/en/about
Sinha, A. (2012). IT and governance in banks some thoughts Retrieved
from http://www.bis.org/review/r120704c.pdf

12

Вам также может понравиться