IT Governance and Risk Management

Similar documents
1 st MENA CEO Insurance Summit Amman, Jordan 19 June Dr. Nasser Saidi Executive Director Hawkamah

Risk Management Framework

NBER WORKING PAPER SERIES THE AFTERMATH OF FINANCIAL CRISES. Carmen M. Reinhart Kenneth S. Rogoff

Diminished Expectations, Double Dips, and External Shocks: The Decade After the Fall

New Monetary Policy Challenges

China, The U.S. and Financial Crises. Jorge Salazar-Carrillo and Xu Li*

Welcoming Remarks. Financial Interdependence in the World s Post-Crisis Capital Markets. Charles I. Plosser

State Farm Bank, F.S.B.

Stress testing and capital planning - the key to making the ICAAP forward looking PRMIA Greece Chapter Meeting Athens, 25 October 2007

The Argument for Corporate Debt December 2008

3 Bank lending and the recovery

EAST AYRSHIRE COUNCIL CABINET 21 OCTOBER 2009 TREASURY MANAGEMENT ANNUAL REPORT FOR 2008/2009 AND UPDATE ON 2009/10 STRATEGY

Good Governance, Liberalization & Innovation: Insurance

Item No. 18 GREATER MANCHESTER FIRE & RESCUE AUTHORITY AUDIT COMMITTEE 23 RD JUNE 2010 AUTHORITY 24 TH JUNE 2010

Your Window on Investing

Measuring IT Governance Maturity Evidences from using regulation framework in the Republic Croatia

COBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE)

Testimony of Deyanira Del Rio Chair, Board of Directors Lower East Side People s Federal Credit Union

The Global Banking Crisis: an African banker's response

IT Compliance After Hours Seminar September 2007 Zurich. Improving IT Risk & Compliance Management (RCM)

TESTIMONY OF BERT A. OTTO DEPUTY COMPTROLLER, CENTRAL DISTRICT OFFICE OF THE COMPTROLLER OF THE CURRENCY. before the

Remarks by. Carolyn G. DuChene Deputy Comptroller Operational Risk. at the

Recognised Investment Exchanges. Chapter 2. Recognition requirements

MISSION OF THE FARM CREDIT ADMINISTRATION

Practical perspectives in advancing data governance to create improved data quality frameworks

STRESS TESTING GUIDELINE

ICT Project Management

Principles for An. Effective Risk Appetite Framework

1. The financial crisis of 2007/2008 and its impact on the UK and other economies

What Should IS Majors Know About Regulatory Compliance?

Regulatory risk metrics and the independent risk function (IRF)

EIB Group Risk Management Charter

Lecture 4: The Aftermath of the Crisis

Gobierno de TI Enfrentando al Reto. IT Governance Facing the Challenge. Everett C. Johnson, CPA International President ISACA and ITGI

EBF response to ESMA consultation on the exemption for market making activities and primary market operations under Regulation (EU) 236/2012

Board Risk & Compliance Committee Charter

A CONSOLIDATED VERSION OF THE PUBLIC DEBT MANAGEMENT ACT

PRACTICE ADVISORIES FOR INTERNAL AUDIT

Principles and Practices in Credit Portfolio Management

Is U.S. Household Savings Rate Dangerously Low?

Lecture 16: Financial Crisis

Gibraltar as an International Financial Centre for Wealth Management

How To Understand The Financial Philosophy Of A Firm

Financial Services Authority FINAL NOTICE. Sun Life Assurance Company of Canada (UK) Limited. FSA Reference Number:

ENTERPRISE RISK MANAGEMENT POLICY

What Should the Recovery, Resolution and Crisis Management Processes Be? John F. Bovenzi June 16, 2016

Risk Management in IT Governance Framework

OSFI Updates Guidance on Regulatory Compliance Management. By Carol Lyons and Jared Grossman

Prof Kevin Davis Melbourne Centre for Financial Studies. Current Issues in Bank Capital Planning. Session 4.4

Information Security Management Systems. Chief Operating Officer, Director of Strategy and Business Development, Chief Information Security Officer

It s a great pleasure to have the opportunity to talk to the School s students, alumni and academic staff this evening.

DTZ Corporate Finance Limited Pillar 3 Disclosures as at 30 April 2009

Money Market Mutual Funds: Stress Testing and the New Regulatory Requirements

Prepaid International Forum: 9 February 2012

INTERNAL AUDIT FRAMEWORK

NORGES BANK TOWARDS 2016

December 6, Dear Mr. Speaker and Honorable Members of the Standing Committee:

THE GREAT DEPRESSION OF FINLAND : causes and consequences. Jaakko Kiander Labour Institute for Economic Research

Central Bank of The Bahamas Consultation Paper PU Draft Guidelines for the Management of Interest Rate Risk

Introduction Auditing Internal Controls in an IT Environment SOx and the COSO Internal Controls Framework Roles and Responsibilities of IT Auditors

Managing Working Capital Liquidity July 29, :00 3:15 PM

LIST OF AVAILABLE COURSES

The Quarterly UK & Eurozone Corporate Cash Report

Athens, 2 December 2011 Hellenic American Union Conference Center

Third Parliamentary Forum on Shaping the Information Society

REPUBLIC OF KENYA COUNTY GOVERNMENT OF LAIKIPIA MEDIUM TERM DEBT MANAGEMENT STRATEGY 2013/ /18

IIROC s Regulatory Agenda: Market and Dealer Regulation

APB ETHICAL STANDARDS GLOSSARY OF TERMS

Achieving Business Imperatives through IT Governance and Risk

Clint M. Hanni Partner Corporate Section of the Business Services Group

ERM Practice and Challenge in China Insurance Company. Zhang Chensong, FSA,CERA,FIA,FCAA Head of Risk Management Taikang Life Insurance

OFHEO Director of Supervision OFHEO Office of the Director and Associate Directors Chief Executive Officers of Fannie Mae and Freddie Mac

CORPORATE GOVERNANCE GUIDELINES WD 40 COMPANY

Application for a Banking Authority Foreign Bank Branches Prudential Statement J2

INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES

Objective of General Purpose Financial Reporting

Goldman Sachs European Financials Conference. 2. I d like to start by thanking our hosts, Goldman Sachs, for inviting me to speak today.

One year with the new macroprudential policy

IV. Investment dynamics in the euro area since the crisis (40)

Genworth MI Canada Inc. BRIAN HURLEY, Chairman and CEO

Dealing with Predictable Irrationality. Actuarial Ideas to Strengthen Global Financial Risk Management. At a macro or systemic level:

Year end results. Basel II Pillar 3 Disclosures 2010

Six Strategies for Volatile Markets When markets get choppy, it pays to have a plan for your investments, and to stick to it.

South East Water Corporation Finance Audit and Risk Management Committee Charter. October 2012

Corporate Governance - Implementation, Challenges and Trends

Comments by Charles Goodhart at the Panel Session at the World Bank Conference on Thursday, October 9, 2003

Reducing public debt: Turkey

Press Release. Major Elements of the Consolidated Accounts. Balance Sheet

Guide to managing liquidity risk

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

REPORT OF THE SUPERVISORY BOARD ON OPERATION IN 2013 AND ORIENTATION FOR 2014

Discussion of Gertler and Kiyotaki: Financial intermediation and credit policy in business cycle analysis

IT Governance Charter

Business Continuity Trends and Risk Considerations Financial Executives International Portland Chapter June

Revised October 2013

Global Statement of Business Continuity

The Business Impact of Basel III

III. CORPORATE GOVERNANCE IN BANKING ORGANIZATIONS

ZIMELE PERSONAL PENSION PLAN

Bank Capital Adequacy under Basel III

Transcription:

IT Governance and Risk Management Hawkamah Workshop Series 26 October 2009 Dr. Nasser Saidi Chief Economist DIFC Authority ED Hawkamah Institute for Corporate Governance

Agenda Aftermath of the Financial Crises, MENA and GCC Corporate Governance and the Financial Crisis Risk Management Failures IT Governance Failures IT Governance and the Role of the Board Compliance with IT Governance Hawkamah and IT Governance

Stylised Facts on the Aftermath of Severe Financial Crises C. Reinhart & K. Rogoff (2008) 1. Asset market collapses are deep and prolonged. Real housing price declines average 35 percent stretched out over six years. Equity price collapses average 55 percent over a downturn of about three and a half years. 2. Aftermath of banking crises is associated with profound declines in output and employment. Unemployment rate rises an average of 7 percentage points over the down phase of the cycle, which lasts on average over four years. Output falls (from peak to trough) an average of over 9 percent, although the duration of the downturn, averaging roughly two years, is shorter than for unemployment. 3. Real value of government debt tends to explode, rising an average of 86 percent in the major post World War II episodes. Main cause of debt explosions is not the costs of bailing; the big drivers of debt increases are the collapse in tax revenues as a result of recession.

Sources: Reinhart and Rogoff (2008b) and sources cited therein.

Key Outcomes of Financial Crisis in GCC 1. Contra-cyclical fiscal policies played a major role in mitigating the effects of global financial crisis 2. The GCC governments maintained spending commitments to continue infrastructure projects 3. The banking sector has been protected from the worst repercussions of international market seizure and supported when needed without overburdening the Treasuries coffers 4. Liquidity has gradually improved thanks to enhancement in the operations of the central banks 5. Non-oil sector (except real estate) has been remarkably resilient, unlike in previous episodes of oil prices slump

Corporate Governance and the Financial Crisis I Underlying much of the credit crunch has been a fundamental failure in corporate governance. While the financial institutions involved may have been in compliance with local requirements and codes, they have ignored the key point Good corporate governance is about boards directing and controlling the organisations so they operate in their shareholders interests.the use of overtly complex financial products, which thwarted effective supervisory control, and the unethical advancement, at the point of sale, of loans to people with little realistic hope of repaying them shows a lack of basic corporate governance. Association of Chartered Certified accountants Climbing out of the Credit Crunch, September 2008

Corporate Governance And Financial Crisis II Banking and Financial crises have uncovered major failures in corporate governance standards and their implementation in 3 main institutional matters. Boards, their composition and competence Risk Management procedures, processes and implementation Regulators

Risk Management Failures Examples of shortcomings in internal management and in the role of the board: According to a recent survey of 150 UK audit committee members and over 1000 globally: only 46 % satisfied that their company had an effective RM system (KPMG, 2008) Senior Supervisors Group (2008): Almost all 11 banks reviewed failed to anticipate fully the severity and nature of recent market stress. However, marked difference in how they were affected determined in great measure by their senior management structure and the nature of their RM system. Failures in a number of financial companies: Crédit Suisse, Lehman Brothers, Société Générale, Citibank, UBS.

Failure Of Financial Regulatory Systems The directors of Northern Rock were the principal authors of the difficulties that the company has faced since August 2007. The directors pursued a reckless business model which was excessively reliant on wholesale funding. The Financial Services Authority systematically failed in its regulatory duty to ensure that Northern Rock would not pose a systemic risk House of Commons Treasury Committee, (January 2008) The Run on the Rock

IT Governance Failures Disney Corporation s go.com project (shut down after $878M in expenditure) Nike s $400M investment in software (subsequently written off as a disaster) Australian Customs Imports Control System (when Customs insisted on going live with its own systems, the industry was not ready and the ports effectively closed down for three weeks, until the old systems were brought back into action)

IT governance is the responsibility of the Board of Directors and executive Importance of IT Governance IT is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization's IT sustains and extends the organization's strategy and objectives. Governance, Risk, and Compliance are highly related but distinct activities that solve different problems for different sets of constituents of an organization. If Governance is not in place, Risk Management cannot be meaningfully achieved. If Risk Management is not in place then achieving Compliance becomes irrelevant and cannot be meaningfully achieved.

ICT and IT Governance ICT is a general purpose technology leading to and requiring: changes in legal forms regulatory organisational changes culture education

IT Corporate Governance defined "The system by which the current and future use of ICT is directed and controlled. It involves evaluating and directing the plans for the use of ICT to support the organisation and monitoring this use to achieve plans. It includes the strategy and policies for using ICT within an organisation." Australian Standard for CG of ICT AS8015 IT governance is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organisational structures and processes that ensure that the organisation s IT sustains and extends the organisation s strategies and objectives..

IT CG Dimensions & Responsibilities IT CG: Public dimension: enabling framework for Digital economies & societies. E-Government imperative Private dimension IT governance is concerned about two responsibilities: IT must deliver value and enable the business IT-related risks must be mitigated

ITGI Global Survey An Executive View of IT Governance,

IT Governance Global Status Report 2008

IT Governance and the Role of the Board I IT governance is the responsibility of the Board of Directors. The responsibility for ensuring that appropriate policies are in place concerning the secure storage of, access to, and retrieval of sensitive information is squarely the responsibility of the Board of Directors. The responsibility of implementing those policies rests with executive management The Board of Directors are accountable to their shareholders for prudent management of the funds that are entrusted to them. A lack of board oversight for IT activities is dangerous, it puts the firm at risk..

IT Governance and The Role of the Board II An essential mechanism by which a Board can begin to establish and drive the IT Governance agenda is by establishing a Board Level IT Oversight Committee. The recommended practice is that this committee be chaired by a person who is IT savvy, however, it may be well chaired by a person who has the ability to demand that the IT executive presents arguments that make sound business sense. It is the role of the IT executive to make the translation between the technology and the business and to present issues to the Board and its members in such a manner that these issues are easily understood.

IT Governance and The Role of the Board III The International Standards Organisation (ISO) has published a new standard for corporate governance of ICT. This standard recognises that ICT governance needs to be owned by those with accountability for the delivery of an effective business system. This standard (referred to as ISO 38500:2008), provides a guidance system for Boards to perform the role of Systemic Governance alluded to above.

Compliance with IT Governance Control Objectives for Information and related Technology (COBIT) provides for 34 identified IT processes their corresponding highlevel control objectives and management guidelines. Sarbanes-Oxley Act of the US has compliance regulations which, with respect to internal controls, demands certain characteristics, of a company s information systems, their implementation and their operation. Sox 302, 404,409 and 802 are relevant to IT Governance

Hawkamah ISACA & ITGAF IT CG integral part of CG ISACA and ITGAF as Strategic Partners of Hawkamah Cooperation on IT corporate governance Training Technical Assistance & Cooperation: banks & financial sector

Join us in BUILDING INSTITUTIONS FOR THE REGION www.hawkamah.org Hawkamah The Institute for Corporate Governance DIFC, Gate Village 2 Level 1 T: +9714-362-2551 F: +9714-362-2552 E: info@hawkamah.org

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information