Back

Assign the Information Technology steering committee to report to senior management.


CONTROL ID
12731
CONTROL TYPE
Human Resources Management
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish and maintain an Information Technology steering committee., CC ID: 12706

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • It is recommended that AIs establish an IT planning or steering committee which oversees whether IT resources are used effectively to support business strategies. This committee should normally consist of representatives of senior management, key business units and IT functions. It should meet regul… (2.2.3, Hong Kong Monetary Authority: TM-G-1: General Principles for Technology Risk Management, V.1 – 24.06.03)
  • Reporting to the Board of Directors on information security activities (Information Security Committee ¶ 3 Bullet 7, Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • IT management reports directly to senior management, with appropriate reporting directly to the board, as needed. (App A Objective 2:10 a., FFIEC Information Technology Examination Handbook - Management, November 2015)
  • Financial institution management maintains effective oversight of MFS activities. Management maintains appropriate reporting for various levels of management to support that oversight. (AppE.7 Objective 6, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)