According to the FFIEC IT Examination Management Handbook, many institutions choose to delegate responsibility for monitoring IT activities to an IT Steering Committee. I also addressed this here. One of the most important roles of the IT Steering Committee is to ensure that the IT strategy is aligned with the overall business strategy. And the best way to do that brings me to my next trend:
The IT Strategic Plan
Although the FFIEC Management Handbook came out in June 2004, we first saw this appear in FDIC examinations in 2009. Since then it sort of faded away, but now it’s back, and at least one other primary federal regulator is asking for it…the OTS. (Whether or not this makes the transition to the OCC remains to be seen.)
According to the FFIEC:
Strategic IT planning focuses on a three to five year horizon and helps ensure the institution’s technology plans are consistent or aligned with its business plans. If effective, strategic IT planning can ensure delivery of IT services that balance cost and efficiency while enabling the business units to meet the competitive demands of the marketplace.
Since IT is often the largest single investment (not to mention the largest concentration of risks) a financial institution has, regulators recognize that managing this process is vitally important. The IT Strategic Plan can demonstrate that you are managing effectively.
There is no one single template for this, but in general the plan should contain the following elements:
- A mission statement. This should establish the basis for the plan, and the broad goals and objectives.
- Coordination with the overall Strategic Plan
- Organizational structure
- A list of IT initiatives
Many institutions choose to manage the plan in their IT Steering Committee…it simply become another agenda item. As the FFIEC states:
The information technology steering committee’s cross-functional membership makes it well suited for balancing or aligning the organization’s IT investment with its strategic and operational objectives.
However you choose to do it, since the IT Strategic Plan is so critical operationally, you may not want to wait until the examiners ask for it (and they will). And if you need to get senior management buy-in, mention this:
Well implemented technology plans provide the capability to deliver business value in terms of market share, earnings, and capital growth to the organization.