DO REGULATORS PAY ATTENTION? AN ASSESSMENT OF IT GOVERNANCE IMPLEMENTATION IN SYSTEMICALLY IMPORTANT BANKS

Download This Article

Mehrdad Sepahvand ORCID logo, Homa Monfared ORCID logo

DOI:10.22495/jgr_v6_i1_p8

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

Abstract

The large size and complexity of Information Technology systems in systematically important banks raise the need for creating an IT governance architecture that could make IT strategy aligned with business strategy and delivers value while it effectively identifies and manages IT risk. This study traces the links between IT governance and two more applied risk management frameworks, COSO and BCBS’s principles for managing IT risk. Then it argues due to the magnitude of potential losses caused by any weakness in IT governance in D-SIBs, the assessment of IT governance in these banks should be one of the main concerns of local regulators and supervisors. As a case study, it assesses the relative rank of D-SIBs in Iranian banking system to see where these banks would stand in an ordered list of the banks including both private and public banks in terms of IT governance implementation. The application of the Fuzzy AHP technique shows that IT governance practice in Iranian D-SIBs is not as good as the private banks while it outperforms some state-owned banks.

Keywords: IT Governance, Systematically Important Banks, IT Risk, Fuzzy AHP

Received: 10.01.2017

Accepted: 15.03.2017

How to cite this paper: Sepahvand, M., & Monfared, H. (2017). Do regulators pay attention? An assessment of IT governance implementation in systemically important banks. Journal of Governance and Regulation, 6(1), 90-99. http://doi.org/10.22495/jgr_v6_i1_p8