Pub. 2 2023 Issue 3a

USING IT GOVERNANCE TO ACHIEVE YOUR BANK’S BUSINESS GOALS Community Banks carry an ongoing burden of compliance for information technology (IT). Examiners expect the bank to undergo annual IT audits, penetration tests, policy reviews, and complete comprehensive technology plans, risk assessments and cybersecurity self-assessments all while trying to do the real work of banking in the community. Why do regulators expect this level of paperwork? What is the purpose of all those selfassessments and evaluations, and who, ultimately, is responsible for getting them done? The answer lies in the realm of IT Governance. In this article, we’ll explore: • What is IT Governance? • Why is it important? • Who is responsible? • How do you implement your own IT Governance Program? IT GOVERNANCE: WHAT IT IS — WHAT IT ISN’T IT Governance is not about the day-to-day management, procurement, installation and running of IT systems. It’s not about keeping the lights on and the wheels turning. Instead, IT Governance can be defined as the processes that ensure the effective, efficient, and safe use of IT to enable an organization to achieve its goals. The key word here is “goals.” Not IT goals, but the business goals of the bank which IT is serving. What are the primary business goals of your community bank? At a high level, almost all have the same goals: to provide quality, competitive, profitable, timely, confidential, (add your own adjective here) banking services to businesses and individuals within your community. A bank’s business goal is not to provide technological services, but to By Mike Gilmore Chief Compliance Officer RESULTS Technology INDEPENDENT REPORT | 33

RkJQdWJsaXNoZXIy MTg3NDExNQ==