I.A.3 Enterprise Architecture
Enterprise architecture (EA) is the overall design and high-level plan that describes an institution's operational framework and includes the institution's mission, stakeholders, business and customers, work flow and processes, data processing, access, security, and availability. An EA program facilitates the conceptual design and maintenance of the network infrastructure, related IT controls, and policies. Management of financial institutions with highly complex systems or those experiencing growing IT costs without corresponding benefits should consider using or adjusting an EA program. As EA has evolved, different methodologies to implement EA programs have been developed. The underlying principle for all EA programs is that business IT requirements follow a predefined process that begins with a business need and ends with an IT solution that conforms to the policies approved by senior management and the board of directors. An effective EA program can result in the following:
- Enhanced interoperability from using IT to drive business adaptability.
- Closer partnership between business and IT groups.
- Improved focus on the institution's goals.
- Reduced numbers of failed IT systems.
- Reduced complexity of IT systems.
- Improved agility of IT systems.
- Closer alignment between IT deliverables and business requirements.
- Assurance that all software, including operating systems, is current and vendor supported.
- Improved morale, as more staff members see a direct correlation between their work and the institution's success.
Key considerations when developing an EA program include security, business resilience, data management, external connectivity, and alignment with the institution's goals and objectives. To effectively implement an EA program, the institution should analyze the risks and potential impact of threats to all of the institution's activities. A comprehensive EA program based on prudent practices can help an institution better develop processes to manage IT issues and identify, measure, and mitigate technology-based risks and threats.