A leading Irish financial institution required an assessment of their Information Technology function and the identification of areas of potential improvement with the aim of implementing best practice.
This project required Deloitte to evaluate the Information Technology function of a major Irish financial institution. We were required to assess the capabilities of the information technology department against best practice in the financial services industry.
The engagement focused on the examination of a number of areas, including:
- Segregation of duties within the IT department
- Network security
- Regulatory requirements affecting the IT function
- IT security policies
- Hardware tracking and security
- The IT procedures in operation
The IT department of this financial institution measured up well against the requirements for best practice in its industry. However, even in a well-run organisation, there were vulnerabilities that needed to be addressed:
- IT key man dependence: organisational dependence on a single staff member to provide services to support critical information systems. This also highlighted weaknesses in the area of succession planning.
- The organisation operated without a position that focused solely on information security. To ensure the information security requirements are kept up to date and centrally managed, an independent role should be created. Best practice requires this independent role as it facilitates wider communication and clarity of responsibility for policy.
- Staff knowledge of procedures and operations has not been formally documented. These omissions can delay the implementation of system changes and the continuity planning of the organisation.