Integrate the use of technology in supporting the Governance, Risk, and Compliance capabilities.


CONTROL ID
12915
CONTROL TYPE
Process or Activity
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a Governance, Risk, and Compliance framework., CC ID: 01406

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • A Data Fiduciary shall implement appropriate technical and organisational measures to ensure effective observance of the provisions of this Act and the rules made thereunder. (§ 8.(4), Digital Personal Data Protection Act, 2023, August 11, 2023)
  • Critical functions or applications dealing with financial, regulatory and legal, MIS and risk assessment/management, (for example, calculation of capital adequacy, ALM, calculating VaR, risk weighted assets, NPA classification and provisioning, balance sheet compilation, AML system, revaluation of f… (Critical components of information security 11) c.23., Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • Frequently, only technical solutions are associated with IT security. However, this is too shortsighted. This is another reason for better using the term information security instead of IT security. First and foremost, it is important to emphasise that investing in human resources is often more effe… (§ 5 ¶ 2, BSI Standard 200-1, Information Security Management Systems (ISMS), Version 1.0)
  • Evaluate and integrate use of technologies to support GRC capabilities. (OCEG GRC Capability Model, v 3.0, A5.8 Establish Technology Architecture, OCEG GRC Capability Model, v 3.0)
  • Align the use of AI to the objectives of the organization. The innovative use of new technologies is critical to the viability and health of many organizations and, in those cases, governance will encourage such innovation. Not every project will be strategically important (e.g. some will only reduc… (§ 5.5 ¶ 1 Bullet 5, ISO/IEC 38507:2022, Information technology — Governance of IT — Governance implications of the use of artificial intelligence by organizations)
  • Align the use of AI to the organization's culture and values. Decisions proposed by an AI system should take into account organizational policies, expectations (including impact of use) and ethics. (§ 5.5 ¶ 1 Bullet 6, ISO/IEC 38507:2022, Information technology — Governance of IT — Governance implications of the use of artificial intelligence by organizations)
  • The organization leverages the entity's information and technology systems to support enterprise risk management. (Principle 18: Leverages Information and Technology, Enterprise Risk Management - Integrating with Strategy and Performance, June 2017)
  • coordinating information security policies and procedures with related information resources management policies and procedures. (§ 3553(a)(6), Federal Information Security Modernization Act of 2014)
  • Determine whether management implemented a process to continuously manage technology to support operational needs and mitigate AIO-related risks. Determine whether the entity's risk management processes include the following governance mechanisms: (App A Objective 2:1, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Infrastructure that supports the entity's strategic objectives. (App A Objective 2:8b Bullet 3, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Management implements an IT infrastructure that achieves and promotes the objectives of confidentiality, integrity, and availability, and meets the entity's business objectives. (V, "Infrastructure") (App A Objective 13, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Management promotes and provides effective governance of AIO functions through defined responsibilities, accountability, and adequate resources to support these functions. (II, "Architecture, Infrastructure, and Operations Governance") (App A Objective 2, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Financial institution boards should oversee, while senior management should implement, an IT planning process with the following elements: - Long-term goals and the allocation of IT resources to achieve them, usually within a three- to five-year horizon. - Alignment of the IT strategic plan with the… (I.B.6 Planning IT Operations and Investment, FFIEC Information Technology Examination Handbook - Management, November 2015)