User Support/Help Desk

User support and help desk functions are relevant both within the institution and for third-party service providers. Financial institutions that outsource elements of IT operations may themselves be end users requiring help desk support.

User support processes and activities should ensure end users continuously have the resources and services needed to perform their job functions in an efficient and effective manner. An institution can combine user support processes with internal service level agreements (SLAs) to include such functions as root cause analysis, impact analysis, problem correction, and preventive procedures. While larger institutions frequently use internal SLAs to establish performance objectives, they are less common in smaller, noncomplex environments. Internal SLAs and user support goals and objectives should align with users' business requirements. User support and help desk functions that are not linked with user requirements contribute to diminished revenue, increased overhead, and degraded customer product and service delivery.

In larger institutions, the help desk function provides user support. The help desk typically consists of dedicated staff trained in problem resolution, equipped with issue tracking software, and supported with knowledge-based systems that serve as a reference resource to common problems. In a smaller, noncomplex institution user support may consist of a single person, a very small staff, or a contract with a support vendor.

A variety of technology solutions are available to assist in the effective management and operation of a help desk function. Dedicated internal and toll-free phone numbers support problem screening, call routing, and issue recording. Internet, intranet, and voice response unit (VRU) systems also enable problem reporting and can reduce the number of help desk operators dedicated to customer support. The help desk should record and track incoming problem reports, whether handled by live operators or automated systems. Documentation in the tracking system should include such data as user, problem description, affected system (platform, application, or other), prioritization code, current status toward resolution, party responsible for resolution, root cause (when identified), target resolution time, and a comment field for recording user contacts and other pertinent information. The tracking system helps prioritize issues, track problems through resolution, analyze the problem database for systemic concerns, and analyze help desk performance and management. Some tracking systems support Internet and intranet access so users can monitor problem resolution.

The help desk should evaluate and prioritize issues to ensure the most critical problems receive prompt attention. Key factors the help desk should consider when establishing priority include the number of users or customers affected, revenue losses, expenses incurred, or the number of SLAs affected, impacted or breached.

Help desk functions are also supported by knowledge base systems that provide support staff with action responses to common problems. Strong support functions continually update the knowledge base systems with information obtained from vendors and from the experiences of help desk staff. Because attrition rates in the help desk function can be high, a knowledge base system can ensure an institution retains knowledge and facilitates the training and development of new employees. Users may also access the knowledge base through the telephone, the Internet, or intranet to diagnose their own problems, which can contribute to a more streamlined help desk function.

Proper authentication of users is critical to risk management within the user support function. Typically, user authentication is uniform for all help desk requests. However, an institution may choose to use different levels of authentication depending upon the problem reported, the type of action requested, or the platform, system, or data involved. If the help desk uses a single authentication standard for all requests, it should be sufficiently rigorous to cover the highest risk scenarios. If the help desk function is outsourced, management should determine the servicer's information access level, assign the functions it will perform, and ensure that security and confidentiality remain in place. Refer to the IT Handbook's "Outsourcing Technology Services Booklet" for further information on vendor management.


Previous Section
Event/Problem Management
Next Section
Other Controls