Banks score low on IT Governance
32pc banks have ITG in place, 45pc auditors not trained enough to trace IT holes
FE Report | Wednesday, 11 April 2018
Only 32 per cent of the country's banks have IT Governance (ITG) frameworks in place, indicating severe weakness in active involvement of bank high-ups in the IT system management of their own entities, a recent industry -wide survey has revealed.
At the same time, the survey has also found that 8.0 per cent of the banks have still not initiated ITG implementation while 60 per cent have no definite target to complete such ITG despite introducing them.
Such findings were part of a study conducted by the Bangladesh Institute of Bank Management (BIBM) on the IT operation of 32 banks of the country.
"From the research findings, it appears that there is lack of understanding on IT Governance responsibility in banks", said Md. Shihab Uddin Khan, Associate Professor of BIBM while presenting the findings of the study at a workshop in the capital on Tuesday.
Mr. Khan along with a number of researchers from BIBM including Md. Mahbubur Rahman Alam, Kaniz Rabbi and Md. Foysal Hasan as well as FVP of Dutch-Bangla Bank Mohammad Emdadul Haque Khan conducted the study.
"As per the international standard and best practices, Board of Directors is responsible for the IT governance in the organisation",
the study noted. "But only 36 per cent of the banks responded that Board of Directors is responsible for the IT governance".
"Banks should give proper attention to follow appropriate guidelines, standards and framework to successfully implement ITG to achieve sustainable business and offer new innovative products or services to customers", the researchers said.
The BIBM study has also focused extensively on greater spending on IT training. "Near about 3.0 per cent of total IT budget goes to training and CTOs are not satisfied regarding this issue", the research paper noted.
"Bank management should increase their level of understanding and appreciation that there is no alternative to develop IT skill in banks because ICT is rapidly changing platform and more diversified and sophisticated cyber attacks and frauds are also increasing", it added.
The same view was also echoed by the participants and panellists in the workshop, who underlined the need for increased spending on IT training in the banking institutions.
"Every bank should allocate certain portion of their annual profit for ICT budget", said Deputy Governor of Bangladesh Bank Abu Hena Mohd. Razee Hassan, who attended the occasion as the chief guest.
"This budget may be spent for ICT infrastructure development and manpower training", the deputy governor said. "Adequate number of IT Professionals can be recruited to fill the gap between actual demand and existing manpower", he added.
"Leadership quality of bank management and efficiency of different IT committees should be developed for successful design and implementation of banking automation projects and ensuring smooth operation and proper maintenance", he said.
"Training should be treated as an investment, not an expenditure", said Helal Ahmed Choudhury, Supernumerary Professor of BIBM. "Training is essential for IT personnel to remain updated with the latest developments in the information technology arena", he added.
The study has also focused extensively on the issue of IT audit. It was noted that although ICT infrastructure of each bank should be audited by qualified IT auditors each year, around 45 per cent auditors of the banks are not trained enough to perform IT audit properly.
"It is clear that poor auditing system of those banks may create another risk for security if auditors fail to identify security holes. Banks should not compromise on this issue", BIBM researchers said.
The study also pointed out that 54 per cent of data centres and 18 per cent of disaster recovery systems (DRS) of the banks have been established in high rise buildings running risks of earthquake and fire.
On the other hand, DRSs of maximum banks are also established in Dhaka within an average air distance of 12.5 kilometres from the data centres, showing very high risk of natural disaster like earthquake, the research findings show.
As such, most of the banks strongly agree that the distance is not enough to avoid natural disasters like earthquake, the study found.
"Banks should have immediate plan to set up DRS at separate seismic zone", said Abul Kashem Md Shirin, Chief Executive Officer of Dutch Bangla Bank Limited while also underlining the need for establishing at least three data centres for each bank to ensure enough data security.
The BIBM study has also pointed out the growing popularity of foreign products in the country when it comes to core banking software.
"Currently, 46 per cent banks in our country are using foreign CBS while 36 per cent are using local CBS", the study said. The percentage of local software is shrinking gradually.
"Before 2005, 45 banks used local software whereas in 2017 only 19 banks were using it", it added.