Joint Standard 1 of 2023 – IT Governance and Risk Requirements for Financial Institutions Assessment Service
The IT Governance and Risk Management Service aims to provide an independent assessment of the current status of IT governance and risk management in an organisation. The service has been developed in collaboration with Peter Tobin Consultancy (PTC).
The Financial Services Conduct Authority (FSCA) has recently published the Joint Standard 1 of 2023 for information technology (IT) governance and risk management (Joint Standard) which should be treated as a regulation for compliance by affected organisations. Our service is structured in accordance with the Joint Standard but can be applied in organisations in any sector due to its practical and effective design.
The Joint Standard sets out the principles and minimum requirements for information technology (IT) governance and risk management that financial institutions must adhere to, in line with sound practices and processes in managing IT.
It is the responsibility of the governing body of a financial institution falling under the FSCA to ensure that the institution meets the requirements set out in the Joint Standard by November 2024 and on an ongoing basis.
Description of the Service
In order to assist financial institutions in addressing the requirements in the Joint Standard, PTC and associates have developed a compliance assessment service designed to provide education about the Joint Standard 1 and assess at a high level the alignment of the organisation with the Joint Standard.
The purpose of the IT Governance and Risk Assessment Service is to provide an independent, high-level assessment of the current status of IT governance and risk management in accordance with the FSCA Joint Standard 1 of 2023.
The service is conducted by experienced IT governance and risk consultants in conjunction with a specially designed compliance assessment tool, referred to as the PTC Joint Standard 1 Compliance Assessment Tool.
Scope of the Service
The scope of the assessment service includes the following:
- Establishing a project charter including appropriate stakeholders and key milestones
- Development of a project plan
- Execution of the service based on the project plan and the following Joint Standard requirements:
  - Roles and responsibilities
  - IT strategy
  - IT risk management framework
  - Oversight of IT risk management
  - IT operations
  - Handling of sensitive or confidential information
  - Risks associated with financial products and financial services
  - IT programme and/or project management
  - IT resilience and business continuity
  - IT assurance
  - Notification and reporting requirements
- Optional executive one hour briefing, half-day or full-day workshop on the contents of the Joint Standard for affected stakeholders
Tool
The Joint Standard Compliance Assessment Tool is designed to address the areas listed in the scope above and can be tailored to cater for the size and complexity of the organisation. The tool also includes rating and effectiveness scales which enable effective and appropriate reports to be provided.
An overview of the Joint Standard 1 Compliance Assessment Tool is available on request in conjunction with this service description.
Deliverables
An Independent Assessment Report will be provided which will include:
- An independent and objective review of the current state of IT Governance and Risk Management in the organisation
- A list of observations and findings
- Recommendations for addressing any shortfalls identified during the assessment.
Consultancy and Duration of a Joint Standard Compliance Assessment Service
The typical consultancy billable effort required for conducting our assessment service is from 1 to 5 days. The duration depends on the size and complexity of the organisation and on the availability of stakeholders and of the information required to respond to the assessment. The assessment is conducted at a high level (evidence provided is accepted without detailed review) and will typically take place over 1 to 3 weeks.
A more detailed evaluation which would include validating every piece of evidence of compliance individually is available subject to negotiation.
Benefits of the Assessment Service
The benefits of the assessment service and tool include:
- The incorporation of subject matter knowledge relating to IT governance and risk management into a concise, purpose-built assessment service which enables organisations to identify their current status of alignment in a much shorter time than it would take using a non-integrated approach.
- A cost-effective approach to identifying shortfalls against the Joint Standard, thereby enabling financial institutions to implement measures for complying with the standard by the required date of November 2024.
Costs
The costs for an assessment are based on the following:
- Consultancy fees based on the size and complexity of the organisation, from 1 to 5 days of billable services delivered;
- Optional Licence Fee for use of the Joint Standard 1 Compliance Assessment Tool on an ongoing basis.
Joint Standard 1 of 2023 IT Governance and Risk Management Workshop
We also offer a half-day workshop on the Joint Standard; please click on the link below for more information.
IT Governance and Risk Management Workshop