Establish, implement, and maintain a financial management program.

Establish/Maintain Documentation


This Control directly supports the implied Control(s):
  • Leadership and high level objectives, CC ID: 00597

This Control has the following implementation support Control(s):
  • Establish, implement, and maintain financial reports., CC ID: 14770


  • the risks associated with e-banking are fully understood and that adequate risk management measures are taken when introducing or enhancing e-banking and thereafter, as there might be changes in risk over time especially as technologies evolve. In this connection, the AI's Board and senior managemen… (§ 3.1.1 (i), Hong Kong Monetary Authority Supervisory Policy Manual TM-E-1 Risk Management of E-Banking, V.3)
  • Financial soundness; (Article 53(1)(1), Act On Promotion of Information and Communications Network Utilization and Information Protection, Amended by Act No. 14080, Mar. 22, 2016)
  • A firm must maintain adequate financial resources. (2.1.1 Principle 4 Financial prudence, Principles for Businesses)
  • conducting their business in a prudent manner, including having appropriate non-financial (as well as financial) resources. Further guidance on the PRA's approach to the Threshold Conditions is set out in paragraph 21 of 'The PRA's approach to banking supervision' and paragraph 25 of 'The PRA's appr… (§ 4.6 Bullet 3, SS2/21 Outsourcing and third party risk management, March 2021)
  • The purpose of the service financial management practice is to support the organization's strategies and plans for service management by ensuring that the organization's financial resources and investments are being used effectively. (5.1.11 ¶ 1, ITIL Foundation, 4 Edition)
  • Work with the business to ensure that the enterprise portfolio of IT-enabled investments contains programmes that have solid business cases. Recognise that there are mandatory, sustaining and discretionary investments that differ in complexity and degree of freedom in allocating funds. IT processes … (PO1.1 IT Value Management, CobiT, Version 4.1)
  • Define an IT process framework to execute the IT strategic plan. This framework should include an IT process structure and relationships (e.g., to manage process gaps and overlaps), ownership, maturity, performance measurement, improvement, compliance, quality targets and plans to achieve them. It s… (PO4.1 IT Process Framework, CobiT, Version 4.1)
  • When planning these actions, the organization shall consider its technological options and its financial, operational and business requirements. (§ 6.1.4 ¶ 2, ISO 14001:2015 - Environmental management systems — Requirements with guidance for use, Third Edition)
  • ensure that an internal control system is implemented, including a risk management system, a compliance management system and a system of financial controls; (§ ¶ 1 b), ISO 37000:2021, Governance of organizations — Guidance, First Edition)
  • the organization's financial results and financial resources, ensuring that the organization remains financially sound; (§ ¶ 1 f), ISO 37000:2021, Governance of organizations — Guidance, First Edition)
  • Cash reserves. (App A Objective 4:2d, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Verify that the BCP addresses the entity's cash management requirements. Procedures may include: (App A Objective 8:9, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Financial management for IT services to allocate the cost of providing services. (App A Objective 2:7b, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)