(This is an extract from an article written for Bank Technology News. The full article is here.)
One of the reasons compelling the shift towards increased focus on IT is found in the only non-financial element in the CAMELS ratings: management. Post-mortem reports on the failures of both Washington Mutual and Indy Mac placed the blame equally on management for pursuing overly aggressive growth strategies, as well as on the regulator (OTS) and their inability to effectively identify and assess the risks. The OTS was a regulatory casualty of Dodd-Frank, and I think we can expect (and rightly so) increased focus on all governance issues going forward. But how does that translate into increased IT focus?
There are twelve factors that go into the CAMELS management rating component, and one of them is a measure of how well the institution manages its information systems. In addition to that, the FFIEC makes it clear in their IT Examination Handbook on Management that
“…effective IT management practices play an integral role in achieving many goals related to corporate governance. The ability to manage technology effectively in isolation no longer exists. Institutions should integrate IT management into the strategic planning function of each line of business within the institution.”
And regarding the relationship between IT and strategic planning;
“…an institution capable of aligning its IT infrastructure to support its business strategy adds value to its organization and positions itself for sustained success.”
Clearly IT is so pervasive throughout financial institutions that no enterprise-wide assessment of management and governance is complete without a thorough review of IT. It also stands to reason that an institution that can not demonstrate that they can adequately manage technology (and do so at all levels of management, from the Board of Directors down) may have fundamental management issues enterprise-wide.
Bottom line…more scrutiny of management equals more scrutiny of IT, and deficiencies in IT can lead to lower CAMELS scores. Solution? Implement a formal IT management process consisting of a dedicated committee. Use a standardized agenda, assigning follow-up items to responsible parties with specific time-frames for resolution. Involve ALL functional units in the committee, and regularly report status updates to the Board.
Then take this same model and apply it to the rest of the organization!