Energy Credit Best Practices – Chapter: Information Technology http://ccro.org © Copyright 2022, CCRO. All rights reserved. 8 In most organizations, the responsibility for setting enterprise-wide IT strategy typically falls outside the Credit Group's scope. However, the implementation of this strategy strongly influences how Credit Groups operate. The credit function should regularly communicate their evolving needs with the IT Group such that collaborative solutions are designed and implemented. As a side comment a separate CCRO white paper on “Operative Risk Resiliency for Energy Companies” is being developed at the time of this writing. It is interesting to note here that one of the early findings of that working group is that risk professionals should be increasingly working together with IT professionals, both sharing the changing needs of their function and sharing their perspectives on strategies to address them. A recurring thread throughout the entire paper, and one notably demonstrated in this chapter, is the interdependence between Credit Risk and many other functions within an organization. Credit Risk’s ability to effectively work with other functions is becoming more critical as interdependence and associated information flows grow. To help facilitate enablement of the credit function through IT, best practices require appropriate governance structures and applicable IT development & maintenance operating standards. These governance structures and standard operating procedures should be informed by relevant industry frameworks. The overall IT management process requires active engagement of management from both the credit and IT functions, as well as sponsorship from senior leadership. Accountability for this process should be driven through regular status reports on applicable initiatives and on compliance with Standard Operating Procedures. Standard Operating Procedure should be created for the credit process, updated, and regularly discussed between the IT and Credit Groups. This allows for improved transparency and coordination. The Credit Group’s IT system(s) should be linked to the overall IT strategy of the organization. If it is not, the IT Group and Credit Group should revisit credit system needs and adjust the IT approach. This alignment ensures that IT Systems provide the Credit Group's needed functionality and the Credit Information Ecosystem's connectivity. 1.4.2 Robust Controls with Independence IT and Credit Group operations should each rigorously meet their company internal business directives and applicable industry standards. Ensuring compliance with these directives and standards requires a robust Control Environment which is independent from the commercial functions. Operating an effective and compliant credit process in today’s rapidly evolving environment requires robust controls with independence. The following factors are vital to ensuring an effective credit risk control environment: (1) operate according to industry control standards and principles, (2) assure that data is transferred and processed accurately, (3) maintain periodic independent review.