Manage IT und IT Risk

The core task of financial service providers’ IT/organizational units is to ensure the medium- and long-term supply (development and operation) of the institutions with adequate, economical and future-proof organizational and IT solutions. The goal of IT management is to implement the defined business objectives and business strategies while taking into account the legal framework. A critical success factor for this is the effective and efficient management of IT. Governance principles must be clearly defined and the development of business and IT strategy must follow the same rules to ensure the alignment of business and IT.

In addition to corporate governance, which relates to the company as a whole, the IT governance function (“Manage IT”) is therefore part of IT management. Its goal is the targeted management of efficient and smooth collaboration between business units, IT units, IT service providers and decision-making bodies within the framework of deliverability, controllability and budget viability.

The task of “Manage IT” is to create the necessary conditions through efficient structures and processes and to manage and promote their execution. Key fields of action in this context are the following:

• Ensuring the targeted collaboration of all parties involved in the entire IT value chain

• Optimal balancing of customer-oriented services and central management

• Achieving a balance between standardization and flexibility

• Differentiation of IT performance levels to meet different customer requirements, adjustment of key management, performance and support processes, as well as viable IT architectures and binding IT development plans.

In addition to controlling IT value creation, the tasks of IT management include ensuring adherence to applicable compliance and information security standards as well as managing IT risks as a necessary ancillary condition of IT service provision.

In this context, for example, compliance with legal and regulatory requirements such as MaRisk or applicable interpretative provisions of the German Federal Data Protection Act for information security must be managed and monitored. However, the monitoring of internal operational risks (OpRisks) due to inadequate or unavailable internal procedures, employees or systems is also part of IT management’s tasks.

Module content

Manage IT – governance for IT work that makes a tangible difference

• Manage IT and IT Risk – motivation for tangible governance

• IT management requirements and basics of the IT management model

• IT rulebook – objectives, scope and contents of the management processes along the IT value chain in practice

• Value of IT – cost management and optimization as well as scenario-based approaches for measuring the value contribution of IT

• Service provider and vendor management – managing interfaces between service recipients and providers

• Management and control tools – dashboards, KPIs and reporting in practice

• Common standards and reference models for IT units (e.g. COBIT) as well as external regulatory requirements (e.g. BAIT)

IT risk – meeting compliance and IT security requirements

• IT risk management – requirements in the financial services industry (e.g. MARisk, BAIT)

• Basics of data security and IT security

• Management of operational risks

• COBIT standards to ensure MaRisk compliance

• Review of IT compliance

• EU-GDPR impact

• Scope, content and core elements of individual processes: business continuity management, access and identity management

• Cyber security – digitalization as a challenge for information security

• “Shadow IT” – management of individual data processing