Welcome » IT Booklets » Management » IT Risk Management Process » Planning IT Operations and Investment
Financial institution boards and management should implement an IT planning process that:
Planning involves preparing for future activities by defining goals and the strategies used to achieve them. Information technology is an integral part of financial institution operations. Therefore, financial institutions should integrate IT resources and investments into the overall business planning process. Major investments in IT resources have long-term implications on both the delivery and performance of the institution's products and services. Independent data centers also should plan effectively, so they can provide quality and cost effective service to client financial institutions. Institution management should monitor any changes in the current strategies and plans of independent data centers that provide services.
Plans may vary significantly depending on the size and structure of the organization. Every organization should strive to achieve a planning process that constantly adjusts for new risks or opportunities and maximizes the value of IT to the organization. Management should always document plans, however a written plan does not guarantee an effective planning process. Management should measure specific plans by whether they meet the organization's business needs. For all plans, the examiner should evaluate the process as well as the written product. A sound plan requires the board of directors, senior management, and user involvement in the planning process. The board of directors should review and approve the plan. Senior management participates in formulating and implementing the plan. The individual departments and functional areas identify specific business needs and, ultimately, implement the plans.