Credit Union IT Governance

Credit Union IT Governance

IT Governance in a Credit Union

We’re an IT solutions provider, empowering people through technology.

Credit Union IT Governance, Due Doligence Policies and Procedures
Credit Union IT Governance

Credit Union IT Governance

IT Governance in a Credit Union

Information Technology is interconnected into all credit union functions, supports all functions and has become more complex and may be beyond the understanding of the Management of a credit union, in terms of Risk and Governance.

Credit Union IT Governance

Credit Union IT Governance

"The rapid advancement of technology innovations in recent times has fundamentally changed business processes and models in financial firms of all sizes including credit unions. These advancements have introduced efficiencies and cost savings for firms and their customers. However, these technologies also bring significant risks, as firms become increasingly interconnected and more reliant on increasingly complex IT systems and outsourcing service providers to conduct their business and deliver services to members. "

Call-center-worker

What Andrews Duffy Provide Is:

“an Independent oversight of the IT solution assuring it complies with required regulations, IT risk management and interfacing with the IT providers. We create using clear language IT oversight reports, to provide manageable, understandable information for the Credit Union management and board“

Credit Union IT Governance

Credit Union IT Governance

Simple questions to ask yourself

How do you govern a function if you do not fully understand how it works?

Do you have members of the Risk / Audit committee that have knowledge of IT?

“It is the board and management’s responsibility to understand the specific IT related risks that the credit union faces and to ensure that these are sufficiently mitigated in line with the credit union’s risk appetite. Credit unions need to understand their vulnerabilities in relation to risks associated with IT and cyber security and work to address these. This is of particular importance in an environment where an increasing proportion of services are provided remotely.” CBI 2020 PRISM Commentary

Various reports from the Central Bank highlight Governance issues – policies, procedures, business continuity, systems & security issues that have been discovered in their audits of credit union. This shines a light, good and bad practices in the credit union. We sieve through the IT orientated reports or sections from the central bank to highlight the positives that can be addressed and areas where improvement is needed.

  • Understanding of IT Governance and its approach is varied and ranges from good knowledge and practice, to being very dependent on external support from IT service suppliers and third party consultants to provide both IT services and assurance.
  • Some IT policies were not localised to the individual credit union requirements and therefore were not understood by the credit union’s Board and management.
  • Exit, termination and transition stages of services from an outsource partner to another third party or back in-house were not included in any outsourcing policies provided.
  • The majority of credit union managers interviewed demonstrated basic IT knowledge and basic understanding of IT Risk Management. The management of a credit union are responsible for understanding the specific IT risks based on the scale and complexity of the business and to ensure such risks are sufficiently mitigated. This knowledge and understanding must be appropriate to the scale and complexity of the activities undertaken.
  • Some credit unions viewed IT more as an expense item and did not appear to view IT as a core enabler of their business which requires robust risk management.

 

 

group-meeting

Client Testimonial

I have been working with the Brian Andrews from AndrewsDuffy for since 2019 and I can confidently say that they are one of the best partners we have ever had. We have been using their services for IT oversight, governance, IT risk management, assurance, and peace of mind in all things IT. We have benefited from our sounding board on IT, provided independent advice on IT issues, dealing with vendors and management of projects. We are very pleased with the quality and value of our collaboration with Brian Andrews. They are a great example of how our company can help clients optimise their IT performance and security. We look forward to continuing our partnership with them and supporting our IT needs