IT directors in the financial sector will have to show that they
are managing operational risk when outsourcing key IT functions,
under new regulations planned by the Financial Services Authority
(FSA).
"Gone are the days when companies could just make a decision to
outsource their main IT operations to cut costs. The FSA now wants
to fully understand what is going on with your operating
procedures," said Paul Whitaker, risk manager at investment firm
Threadneedle Asset Management.
He said that financial businesses will be encouraged to consider
the impact that outsourcing has on their operational risk profile.
Outsourcing any business function usually implies less control over
people, pro-cesses and systems, he said.
Companies will have to inform the FSA of the extent to which their
supplier will provide business continuity for outsourced
operations. They will also have to show that adequate controls are
in place in case outsourcing arrangements are changed or terminated
altogether.
Companies will also have to ensure that independent auditors will
have access to the functions and processes that have been
outsourced.