
Establish, implement, and maintain a financial management program.


CONTROL ID: 13228
CONTROL TYPE: Establish/Maintain Documentation
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Leadership and high level objectives, CC ID: 00597

This Control has the following implementation support Control(s):
  • Establish, implement, and maintain funds transfer procedures., CC ID: 16754
  • Establish, implement, and maintain protective measures for customers from a bank's insolvency or default., CC ID: 16738
  • Include communication protocols in the financial management program., CC ID: 16763
  • Include ongoing monitoring in the financial management program., CC ID: 16762
  • Employ tools to manage settlement and funding flows., CC ID: 16743
  • Refrain from setting up anonymous financial accounts., CC ID: 16721
  • Identify and maintain positions in financial accounts., CC ID: 16751
  • Establish, implement, and maintain a financial products and services disclosure policy., CC ID: 16717
  • Establish, implement, and maintain a subsidiary compliance program., CC ID: 16694
  • Establish, implement, and maintain financial resource management procedures., CC ID: 16642
  • Establish, implement, and maintain credit loss procedures., CC ID: 16683
  • Establish, implement, and maintain a securities trading program., CC ID: 16626
  • Establish, implement, and maintain a capital restoration plan., CC ID: 16613
  • Establish, implement, and maintain valuation procedures., CC ID: 16634
  • Include investment information in approval requests for investments., CC ID: 16590
  • Establish, implement, and maintain capital withdrawal requirements., CC ID: 16576
  • Establish, implement, and maintain lending policies., CC ID: 16608
  • Establish, implement, and maintain a dividend policy., CC ID: 16569
  • Establish, implement, and maintain margin systems., CC ID: 16601
  • Establish, implement, and maintain capital adequacy measures., CC ID: 16568
  • Establish, implement, and maintain escrow procedures for financial transactions., CC ID: 16564
  • Establish, implement, and maintain a Capital Planning and Investment Control policy., CC ID: 06279
  • Establish, implement, and maintain a recordkeeping system for securities transactions., CC ID: 16631
  • Establish, implement, and maintain securities transaction notifications., CC ID: 16600
  • Establish, implement, and maintain financial reports., CC ID: 14770


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • the risks associated with e-banking are fully understood and that adequate risk management measures are taken when introducing or enhancing e-banking and thereafter, as there might be changes in risk over time especially as technologies evolve. In this connection, the AI's Board and senior managemen… (§ 3.1.1 (i), Hong Kong Monetary Authority Supervisory Policy Manual TM-E-1 Risk Management of E-Banking, V.3)
  • Every Consent Manager shall be registered with the Board in such manner and subject to such technical, operational, financial and other conditions as may be prescribed. (§ 6.(9), Digital Personal Data Protection Act, 2023, August 11, 2023)
  • Financial soundness; (Article 53(1)(1), Act On Promotion of Information and Communications Network Utilization and Information Protection, Amended by Act No. 14080, Mar. 22, 2016)
  • A firm must maintain adequate financial resources. (2.1.1 Principle 4 Financial prudence, Principles for Businesses)
  • conducting their business in a prudent manner, including having appropriate non-financial (as well as financial) resources. Further guidance on the PRA's approach to the Threshold Conditions is set out in paragraph 21 of 'The PRA's approach to banking supervision' and paragraph 25 of 'The PRA's appr… (§ 4.6 Bullet 3, SS2/21 Outsourcing and third party risk management, March 2021)
  • The purpose of the service financial management practice is to support the organization's strategies and plans for service management by ensuring that the organization's financial resources and investments are being used effectively. (5.1.11 ¶ 1, ITIL Foundation, 4 Edition)
  • Work with the business to ensure that the enterprise portfolio of IT-enabled investments contains programmes that have solid business cases. Recognise that there are mandatory, sustaining and discretionary investments that differ in complexity and degree of freedom in allocating funds. IT processes … (PO1.1 IT Value Management, CobiT, Version 4.1)
  • Define an IT process framework to execute the IT strategic plan. This framework should include an IT process structure and relationships (e.g., to manage process gaps and overlaps), ownership, maturity, performance measurement, improvement, compliance, quality targets and plans to achieve them. It s… (PO4.1 IT Process Framework, CobiT, Version 4.1)
  • When planning these actions, the organization shall consider its technological options and its financial, operational and business requirements. (§ 6.1.4 ¶ 2, ISO 14001:2015 - Environmental management systems — Requirements with guidance for use, Third Edition)
  • ensure that an internal control system is implemented, including a risk management system, a compliance management system and a system of financial controls; (§ 6.4.3.1 ¶ 1 b), ISO 37000:2021, Governance of organizations — Guidance, First Edition)
  • the organization's financial results and financial resources, ensuring that the organization remains financially sound; (§ 6.4.3.2 ¶ 1 f), ISO 37000:2021, Governance of organizations — Guidance, First Edition)
  • When planning its actions, the organization shall consider best practices, technological options and financial, operational and business requirements. (§ 6.1.4 ¶ 3, ISO 45001:2018, Occupational health and safety management systems — Requirements with guidance for use, First Edition)
  • Cash reserves. (App A Objective 4:2d, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Verify that the BCP addresses the entity's cash management requirements. Procedures may include: (App A Objective 8:9, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Financial management for IT services to allocate the cost of providing services. (App A Objective 2:7b, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Agencies may be required or may at their choice elect to receive an audit opinion on internal control over external financial reporting. These Agencies must provide a separate assurance statement for internal control over external financial reporting. The Green Book and OMB Circular No. A-123 provid… (Section VI (I) ¶ 1, OMB Circular No. A-123, Management’s Responsibility for Enterprise Risk Management and Internal Control)
  • Different critical infrastructure sectors have varying capacities to absorb the costs of cybersecurity, ranging from low-margin sectors that cannot easily increase investment with intervention, to those where the marginal costs of improving cybersecurity can be absorbed. In some sectors, regulation … (STRATEGIC OBJECTIVE 1.1 Subsection 3 ¶ 1, National Cybersecurity Strategy)
  • Preserving and extending the open, free, global, interoperable, reliable, and secure Internet requires sustained engagement in standards development processes to instill our values and ensure that technical standards produce technologies that are more secure and resilient. As autocratic regimes seek… (STRATEGIC OBJECTIVE 4.1 ¶ 2, National Cybersecurity Strategy)