The dynamic nature of today’s business environment, where consumer, technology, and regulatory change is pervasive, business agility is increasingly indispensable. To stay nimble and responsive to business change, financial services organizations must adapt their governance toward more agile and automated governance practices.

Gone are the days when a check box was enough. Success in modern digital organizations depends on an organization’s ability to adjust to the velocity of business and the evolving risk and regulatory landscape.

Practically, this means shifting from a people- and document-oriented approach to a data-centric approach and leveraging organization data to create decision rules that account for known risks and constraints and embedding governance directly into products, services, or processes.

To stay aligned with business objectives and to avoid poor business outcomes, it is critical to build an approach to IT governance that is effective and suitable today while building in adaptability to keep it relevant for tomorrow.

Donna Bales

Principal Research Director,

Info-Tech Research Group

• It is difficult to keep up with the scale, speed, and complexity of regulatory and technology change.
• Emerging and advanced technologies enable faster, more customized customer experiences, but they come with added complexity in how risks are managed and data is governed.
• A move to fully automated decisioning is hindered by a lack of mature AI/ML governance and ethics frameworks.
• Resource capacity and technology availability has not kept pace with organization growth and expectations.

• Underdeveloped capabilities across the three lines of defense lead to a lack of coordination, duplication of risk areas, gaps, and misaligned or conflicting assurance opinions.
• Organizational constraints inhibit a move toward a culture of innovation and agility.
• No single source of truth – data is fragmented and mismanaged.
• There are funding constraints/balancing against revenue opportunities.
• Accountability framework is not well understood.

• Use Info-Tech’s IT governance models to identify a base model similar to the way you are organized. Confirm your current and future placement in governance execution.
• Adjust the model based on industry needs, your principles, regulatory requirements, and your future direction.
• Identify where to embed or automate decision making and compliance and what is required to do so effectively.
• Implement your governance model for success.

STRATEGIC ALIGNMENT

Technology investments and portfolios are aligned with the organization's strategic objectives.

RISK OPTIMIZATON

Organizational risks are understood and addressed to minimize impact and optimize opportunities.

VALUE DELIVERY

IT investments and initiatives deliver their expected benefits.

RESOURCE OPTIMIZATION

Resources (people, finances, time) are appropriately allocated across the organization to optimal organizational benefit.

PERFORMANCE MEASUREMENT

The performance of technology investments is monitored and used to determine future courses of action and to confirm achievement of success.

EVALUATE – DIRECT – MONITOR

Adaptive (Data-Centric)

↑

Traditional (People- and Document-Centric)

Automated Governance

• Entrenched into organizational processes and product/service design
• Empowered and fully delegated to maintain fit and drive organizational success and survival

Agile Governance

• Flexible enough to support different needs in the organization and respond quickly to change
• Driven by principles and delegated throughout the company

Controlled Governance

• Focused on compliance and hierarchy-based authority
• Levels of authority defined and often driven by regulatory requirements

Ad Hoc Governance

• Not well defined or understood within the organization
• Occurs out of necessity but often not done by the right people or bodies

• Corporate governance legislation and regulatory guidelines specify certain matters that must be part of governance programs.
• The board is responsible for the overall stewardship of the organization and fulfilling two key elements: decision making, and oversight. However, the board is supported and informed by a robust corporate governance committee structure.
• Board committees assist the board in exercising its responsibilities.
• Typical board committees include:
  • Audit
  • Governance (may include ESG)
  • Risk
  • Compensation/HR Committee

Legislation, laws, regulation, and guidance

Regulation informs how governance is executed and risk is managed

• Makes decisions and sets direction by considering strategic opportunity, risk appetite
• Actively manages the organization’s risk profile relative to its risk appetite
• Oversees the systems and policies to identify and manage risk to the enterprise
• Fosters a culture of integrity and good governance
• Is supported by governance committees

• Ensure organization’s structure, budget, and resources are in place to manage risks
• Ensure policies and procedures are in place to manage risk
• Review and recommend risk appetite framework
• Assess effectiveness of risk function (e.g. review risk reporting)

• Identify, manage, and report on risks
• Make recommendations on risk management, control mechanisms and investment mix, talent, and resource capacity
• Responsible for meeting regulatory obligations