Andrews Duffy provides Independent Risk Management and oversight of the Information Technology solution.
Many regulatory bodies, e.g. the Central Bank of Ireland (financial services) or the HSE (health), require oversight of operations, including IT. That oversight function is placed on management, boards or volunteers, who on occasion lack the skillset needed to understand and manage IT providers and the information they produce. IT risk management is a recurring theme requiring action in reports from the Central Bank, for credit unions for example.
Policies & Procedures, development and review
Asset Management
IT Strategy alignment with overall organisational strategic plan
Oversight of IT Risks on Risk Register
Maintenance of IT Asset Register
Network Security and Cyber Security Awareness
Review of Business Continuity Plan
Disaster Recovery Procedures
Scenario Testing
Vendor Management
Achieving cost-effective use of equipment
Oversight on systems updates and deployment
Reviewing the historical spend on IT
Assisting with tender applications from existing vendors and ensuring best value for money spent
Managing IT Projects from conception to completion, being the single point of ownership/contact for any IT project
Many regulatory reports, from the Central Bank for example, have highlighted the risks that IT presents to financial services organisations due to the complexity of managing IT, insufficient procedures and lack of training. Risk management of the IT function is a recurring theme in all the sectors we are engaged in: financial services, health, transportation and NGOs.
It is our opinion that these risks can be mitigated and controlled through policies, procedures and action plans, coupled with regular clear-language reports to the management team and board. We address the regulatory expectations, IT compliance and risk management requirements.
In December 2021 the Central Bank of Ireland released a consultation paper, CP140, on Operational Resilience for Financial Institutions.
This guidance paper addresses the preparedness of financial institutions to continue operating through events that may impact their continuing operations and/or their ability to deliver member services.