Datasec - IT Security & Control

HAPOALIM LATIN AMERICA

Successful Implementation Project of Best Practices for Internal Control based on COBIT and COSO


Situation

The Superintendency of Financial Intermediaries of the Uruguayan Central Bank (BCU), exercising the powers and faculties granted by statute and law, established minimum management standards as a prerequisite for achieving financial qualification. Among other matters, the Bank regulated technology issues based on international best practices. These practices cover the security, quality, reliability, efficiency and effectiveness of information systems, taking into account measurement methodologies and the management of technological risks. To comply with these practices, financial institutions must establish a structure of processes and relationships to direct and control Information Technology, so that it achieves its objectives and adds value to the business while balancing risks against the return on investment of IT and its processes.
Similar requirements must be met to establish a Comprehensive Internal Control System.

Solution

ISACA/ITGI's COBIT Framework was selected to implement IT Internal Control and Governance. To do so, in 2004 Hapoalim Bank began to document and implement the COBIT 3.0 processes, setting "Defined Process" as the target level in the Maturity Model, all according to a strict implementation schedule. The implementation progressed with remarkable consistency. Hapoalim advanced in the implementation of the main COBIT processes, particularly those key to its business, such as Risk Analysis and Management, Business Continuity, IT Strategic Planning, Project Management and Information Security. This was achieved through frequent use of DATASEC's software tools such as Meycor COBIT Knowledge Provider, Meycor COSO AG and Meycor COBIT CSA.

Benefits

A framework for IT Governance was successfully established, helping to achieve IT objectives aligned with business goals, add value to the business, and manage risks and resources. The Internal Control and Risk Management processes were also automated.

Conclusion

Thanks to this project, Hapoalim made remarkable progress in creating a key knowledge database of internal regulations for IT management.
This project also raised staff awareness of the importance of good security and quality practices for achieving excellence in the banking industry.
Ultimately, Hapoalim made progress on its internal control and risk mitigation issues by implementing several basic tactical projects, such as developing and implementing a Business Continuity Plan.

Summary:

Country: Uruguay

Contact: Mr. Raúl Rodríguez

Industry: Financial Services

Customer Profile: Financial institution that offers loan services, foreign trade, currency exchange, money and wire transfers, and stock operations.

Situation: The organization needed to comply with the Uruguayan Central Bank (BCU) requirements for effective management of its Information Technology and Internal Control.

Solution: Use of the COBIT and COSO frameworks to implement best governance practices for IT and Internal Control.

Benefits: Comprehensively integrated the business and the technology through mature IT processes that contributed to the achievement of the company's goals.