One of the primary responsibilities of IT operations management is to ensure the institution's current and planned infrastructure is sufficient to accomplish the strategic plans of senior management and the board. To accomplish this objective, operations management should ensure the institution has sufficient personnel (in knowledge, experience, and number), system capacity and availability, and storage capacity to achieve strategic objectives. Operations management should select or recommend technology solutions that can meet strategic requirements with reduced resources to control capital expenditures and operating costs.
Operations management should implement an organizational structure that addresses human resources and, where appropriate, multiple operating sites appropriate for supporting the business activities of the institution. IT operations, whether centralized or decentralized, should support business lines and functional operations. Operations should facilitate enterprise management information systems (MIS), product and service development and delivery, internal end-user information and process requirements, data capture, and transaction processing.
Effective IT operations management requires knowledge and understanding of the institution's IT environment. Appropriate documentation should be in place that indicates how these systems support the associated business processes (enterprise architecture). Management should also have an inventory of all of the institution's technology assets, should recognize interdependencies of these systems and should understand how these systems support the associated business lines. Additionally, management should understand the flow of data across and between systems. Adequate documentation of infrastructure and data flow facilitates risk identification, application of controls, and ongoing maintenance of information systems.
Effective IT operations management also requires that the institution establish and support an appropriate control environment. Management should implement a cost-effective and risk-focused control environment. The control environment should provide guidance, accountability, and enforceability while mitigating risk. Management should periodically assess the effectiveness of the control environment, which may be evaluated through self-assessments or other means. Management should also regularly test the results of the assessments through audits or other independent verification.
To ensure uninterrupted product and service delivery, as well as the institution's viability, operations management should develop a business continuity plan (BCP). For additional detailed information on this subject, refer to the IT Handbook's "Business Continuity Planning Booklet". IT systems should have robustness, resiliency, and capacity sufficient to accommodate ordinary interruptions to operations and to facilitate prompt restoration without escalating to more drastic and costly disaster recovery procedures.
Operations management should ensure the operating environment is physically and logically secure. Protection of expensive and critical business assets, especially the information essential to corporate activities and sensitive customer information, requires management to establish and enforce access controls to facilities, equipment, applications, systems, and transaction and customer data.
Sound IT operations management also includes providing adequate staffing through personnel selection, succession plans, and employee training. Hiring practices that result in an appropriate number of skilled staff promote smooth, continuous, and efficient operations. Ongoing training is vital to maintaining creative, motivated, and knowledgeable employees.
Operations management staff should recognize any limitations of IT operations staff and be prepared to obtain professional assistance. At times, it may be more efficient and cost effective to acquire outside expertise than to hire and train new employees, especially for functions that do not require full-time personnel.
Board of Directors and Senior Management