Photo - Chow Sang Hoe, Managing Partner of Advisory Services, EY Malaysia.
According to a nationwide survey by the Institute of Bankers Malaysia (IBBM) and Ernst & Young [EY] Malaysia, Malaysia-based banks need to adopt a more robust approach to their IT risk management [ITRM] practices.
The ITRM survey titled 'Beyond IT to totality', which is the first of its kind in Malaysia, evaluates the maturity level of ITRM among Malaysia-based banks, said EY Malaysia's managing partner of advisory services Chow Sang Hoe.
Chow said the survey points to the adoption of a '3R' strategy to help banks minimise IT risks. As a starting point, banks can 'Realign' their ITRM activities to address emerging business risks driven by IT megatrends, which go beyond basic IT risk areas. Secondly, banks can 'Refocus' on IT risk areas that matter, prioritise their investments in high-risk business areas and consider enabling technologies. Thirdly, banks can 'Refresh' their ITRM programme to keep up with not only local regulatory compliance requirements but also global ITRM standards.
"In this era of accelerating changes driven by IT megatrends, banks need to plan ahead in realigning their ITRM activities to strategic business areas," he said. "Beyond core 'day-to-day' operations, banks need to sharpen their focus on emerging technologies, consumerisation, the change agenda or transformation, external threats like cybercrime, and even internal threats such as IT access rights to employees and contractors."
"To navigate across a terrain of business risks, having an appreciation of the IT risk universe and developing a robust ITRM approach will be critical," said Chow.
Risk mitigation controls
"Banks have put in place risk mitigation, involving prioritizing and implementing risk-reducing controls and processes," said IBBM chief executive officer Tay Kay Luan. "The survey shows that banks over the next year have significant IT-related components to them."
"There was a high focus on regulatory and compliance risk, which is reflective of Malaysia's supportive regulatory environment where Bank Negara Malaysia provides guidelines on a bank's governance and risk management architecture," said Tay.