Policy Memorandum IMRA
For many organizations including the institutions supervised by the Centrale Bank van Curaçao en Sint Maarten (hereafter the Bank), information and their supporting systems are amongst their most valuable assets. Those organizations recognize the benefits of information technology and use it to drive their stakeholders’ value. However, the evolving role technology plays in supporting the business function has become increasingly complex. Information Technology (hereafter IT) operations have become more dynamic and include distributed environments, integrated applications, telecommunication options, internet connectivity, and an array of computer operating platforms. As the complexity of technology grows, information systems and networks are faced with control weaknesses.
Dependence on information systems and services means that organizations are more vulnerable to threats. It is a challenge to secure information systems and to have a good control environment in place.
Security should not only be achieved through technical means, but also supported by appropriate management policies and procedures. Identifying which controls should be in place requires careful planning and attention to detail.
The need for assurance about the value of IT, the management of IT-related risks and increased requirements for control over information are now considered as key elements of enterprise governance. Value, risk and control constitute the core of IT governance.
This IT Framework Memorandum (hereafter Memorandum) is the basis for the Supervised Institution IT Questionnaire (SIIQ) for Supervised Institution’s and various Provisions and Guidelines that the Bank will issue. The SIIQ and related provisions and guidelines will provide Senior Management of supervised institutions with a firm basis to evaluate the risks inherent to the use of IT in their institutions. In addition the Memorandum serves to increase Senior Management's awareness of the general control elements that may be effective in safeguarding the institution's operations against such risks.
A strong control environment consists of policies, standards, procedures, practices, technologies and organizational structures designed to provide reasonable assurance that the business objectives are achieved and that undesirable events are prevented or detected and corrected.
Download the entire PDF
^ Back to top
Last updated 21.07.2011 15:03