Energy Credit Best Practices – Chapter: Information Technology http://ccro.org © Copyright 2022, CCRO. All rights reserved. 16 The reduction of employees can have an exponential benefit in reducing software licensing costs, help desk time, and end-product support. Finally, automation may reduce data transaction fees and on-premise IT-related costs as cloud-based platforms become more common-place. Credit organizations should thoroughly evaluate their IT strategies on how they can help them achieve these very real benefits of automation. As IT’s goal is to enable the business, automation frequently represents an easy, quick and efficient way of realizing these labor, accuracy and costs benefits. 2.2.2 Expectations for Controls There is no point in having controls in place if it is not possible to tell when the controls have been violated. The sooner the credit department is aware of a breach, can take faster corrective action to mitigate a non-compliant situation. Automatic monitoring of controls based on a real-time exposure calculation and immediate notification is a best practice here. Formal procedures should be established whereby a single system owner, independent of the Front Office, sets up counter parties, commodities, products, portfolios, and locations. This ownership is often assigned to the Middle Office. This independent function should establish controls to ensure that changes to prices, volumes, and other deal terms are not permitted without proper authorization once captured within the credit system. Alternatively, if these terms are changed, the credit system should automatically alert the Middle Office that confirmation is needed. Reference data, including names, curves, models, and limits, should be reviewed periodically as appropriate (at least annually) to verify the accuracy and should be linked to or coded into the system to minimize human error. Key processes to monitor include: • Intra-Day (Parametric) Batching: Ensure that batch processing facilitates intraday large batches of information that can be executed at low impact times for the business. • Limits – Restrictions placed on the trading or selling Ensure that real-time processing emphasizes the ability to handle limits efficiently. Establish a comprehensive view of your firm's Liquidity, exposure, cash flows, etc. • Violation of Limit Notifications: Ensure that the data integration design is robust and can handle notification rules. 2.3 Policy 2.3.1 Security Approach IT Security for Credit should be addressed in several distinct manners, culminating in a cohesive approach which will provide a level of confidence that all manner of credit information is secured. Following the NIST standards is an excellent guide to achieving such a comprehensive approach. These Security approaches should be prioritized based on the overall risk associated to the credit components being addressed. Because this risk can vary project by project, the detailed summary of Security requirements are listed in the in a typical order of priority, but should be prioritized