Title:Information Technology Management Practices of Commercial Bank Branches in Batticaloa 1. People??™s Bank 2. Bank of Ceylon 3. Sampath Bank 4. Hatton National Bank 5. Commercial BankThe Research ProblemThe Research Questions 1.
What are the Information Technology Management Practices of Commercial Bank Branches in Batticaloa 2. What is the perceived level of support and assistance branches received from the head office 3. What is the level of effectiveness of IT services of head office at branch levelThe Research Objectives 1. To identify Information Technology Management Practices of Commercial Bank Branches in Batticaloa.
2. To measure the perceived level of support and assistance of head office at branch level 3. To measure the level of effectiveness of IT services of head office from the perspective of branch levelQuestionnairePart I 1. Do you have a separate IT department in your bank Yes/No 2. What is your structure of IT management between Head Office and bank branches Centralised/ DecentralizedPart IIBranch level IT management system 1- Very low 2- Low 3- Moderate level 4- High level 5- Very high| | |1 |2 |3 |4 |5 ||A |IT Policy | | | | | ||02 |Your level of knowledge regarding IT policy of your bank. | | | | | ||03 |Revision and updating of IT policy based on changes. | | | | | ||B |IT System Usage | | | | | ||05 |Level of head office support and involvement in handling IT related customers??™ problem.
| | | | | ||06 |Level of support and arrangement organised by the head office in handling day to day minor IT related problems at | | | | | || |branch level. | | | | | ||07 |Level of head office support and involvement in day to day major IT related problems at branch level. | | | | | ||08 |Level of head office support and involvement in managing system break down at branch level. | | | | | ||09 |Level of head office assistance and involvement in resolving technical problems in the usage of technology. | | | | | ||C |Education and Training | | | | | || |Level of training and education regarding information systems services you get from head office. | | | | | ||11 |Level of IT training employees has received in order to handle day to day IT related tasks. | | | | | ||12 |Level of on the job training or hands on experience you have received in order properly handle IS/IT/Computer System | | | | | || |in your branch. | | | | | ||13 |Level of outsourced training faculties you get in order to manage branch level IT services effectively.
| | | | | ||D |System Administration | | | | | ||15 |The timely delivery of IT services and information and technology solutions provided by the head office. | | | | | ||16 |Level of head office services and support in connection with that system changes with out interfering reliable | | | | | || |operation and availability of banking services. | | | | | ||E |IT System Maintenance | | | | | ||18 |Level of head office services and support in properly maintaining IT system outside the branch (e.
g.: ATMs | | | | | || |maintenance). | | | | | ||F |Security Management | | | | | ||20 |Level of information system auditing conducted by the head office at branch level | | | | | ||21 |Arrangement and support established by the head office to manage disaster and contingency events at branch level | | | | | || |regarding protect of business transaction and/or loss of critical data. | | | | | ||22 |The level of arrangement and support of the head office to recover quickly from disasters to protect the business | | | | | || |in the event of a systems outage, and/or loss of critical data | | | | | ||23 |Level of Security Management provided by the head office in connection with data loss and systems damage due to | | | | | || |hacking and/or theft. | | | | | ||24 |Level of support and arrangement provide by the head office in connection Virus protection (e.g.
: to protect desktops| | | | | || |and servers from damage due to virus attacks). | | | | | || | | | | | | || |level of effectiveness of IT services of head office at branch level | | | | | || |1-Very Low 2- Low 3-Moderate 4- High 5- Very High | | | | | ||1 |Level of Reliability regarding Head office IT services | | | | | ||2 |Level of Responsiveness regarding Head office IT services | | | | | ||3 |Level of Competence regarding Head office IT services | | | | | ||4 |Level of Access regarding Head office IT services | | | | | ||5 |Level of Courtesy regarding Head office IT services | | | | | | ??? Reliability ??“ Consistency of performance and dependability ??? Responsiveness ??“ Willingness/readiness of employees to provide service in timely manner ??? Competence ??“ Possession of required skills to perform service ??? Access ??“ Approach ability and ease of contact ??? Courtesy ??“ Politeness, respect, consideration, friendliness ??? Service quality ??? System quality ??? Information quality ??? Use ??? User satisfaction ??? Individual impact ??? Work group impact ??? Organizational impactDo you have IT policy at branch levelTrouble shootingHow you are handling day to day minor IT related problems at branch levelHow you are handling day to day major IT related problems at branch levelHow you are managing system break down at branch levelEnd-User Support: to resolve technical problems and assist in the usage of technology.Systems Administration:? to ensure that userids are current, access is appropriate, and that storage capacity is kept at required levels.The timely delivery of projects, information and technology solutions.TrainingLevel required training you get from head officeHow you are getting IT related training at branch levelData ManagementTypes of data management: centralised or decentralizedLevel of data protection given or ensured by the head officeIT system maintenanceIT system maintenance at branch levelDo you have information system auditingEvery three month, every six month, once a yearSystem Security aspectsHow you are dealing security matters at branch levelDisaster Recovery & Contingency Planning: to protect the business in the event of a systems outage, and/or loss of critical data.Security Management: to protect business from data loss and systems damage due to hacking and/or theft.Virus Protection: to protect desktops and servers from damage due to virus attacks.Information system changesInstallation of new system at branch levelComplete updating process of IT existing systems at branch levelChange Management: to ensure that systems changes do not interfere with reliable operation and availability.
IT Management Practices for the EnterprisePolicies and procedures in IT Management are meant to ensure that critical systems stay current, reliable, secure, and that they perform as needed. But, oh, it were only that simple. Within the large corporate enterprise, the road to structured IT management is littered with challenges and roadblocks.? Management practices may take initial shape based on technology requirements and established industry best practices.? But, final form and function are ultimately determined by organizational requirements, resource capabilities, and internal politics.? IT Management Defined:IT Management is defined by a set of practices, policies and procedures related to the implementation, maintenance, and ongoing control of technology in business.? Depending upon the needs of the enterprise, IT management programs can be realized through a combination of tools (hardware and software) and ideas (strategies, policies and procedures).? These methods and mechanisms will be determined in large part by technical requirements, organizational issues, available funding and the degree to which technology management is embraced as a strategic business function.
Based on these factors, an individualized IT Management program can include one or more of the following elements, delivered in any number of ways: ??? Asset Management: to keep track of all hardware and software assets currently owned and in use. ??? Change Management: to ensure that systems changes do not interfere with reliable operation and availability. ??? Disaster Recovery & Contingency Planning: to protect the business in the event of a systems outage, and/or loss of critical data. ??? End-User Support: to resolve technical problems and assist in the usage of technology. ??? Security Management: to protect business from data loss and systems damage due to hacking and/or theft. ??? Software Licensing Control:? to ensure compliance with licensing laws.
??? Systems Administration:? to ensure that userids are current, access is appropriate, and that storage capacity is kept at required levels. ??? Systems Management: to ensure that hardware and software configurations are current, documented and performing as expected. ??? Technology Standards Management: to set product standards that ensure systems reliability, compatibility and lower support costs. ??? Virus Protection: to protect desktops and servers from damage due to virus attacks.IT Management Issues:If IT management policies and procedures rested solely on technical requirements and best practices, we might all do a better job of planning and implementing truly workable practices.
? But things are rarely that simple …Organizational issues must also be factored into the development and implementation of IT management practices …IT Structures: IT management practices must reflect the structure of the IT organization itself, which can be organized in any number of ways.
? Traditional IT structures include centralization (where all technology management functions are part of a single reporting structure), decentralization (where technology responsibilities are distributed across multiple reporting entities), outsourcing (where IT management responsibilities are handled by external service providers), or hybrid (any combination of the three).? These structures will determine systems management responsibilities, while creating potential confusion and conflict in terms of ownership and authority.Internal Acceptance:? How is your IT organization perceived by end-users and management? Internal respect and acceptance of IT as a business partner can go a long way in determining the extent to which systems management guidelines are accepted, particularly those that serve to control systems access and utilization.Management Support:? Do you have sufficient management support for IT policies and procedures? Since systems management procedures impact systems accessibility and availability, sometimes restricting end-user functionality and independence, management support is critical? Without that support, there will be no supporting foundation for sensitive decisions that may be in the best interests of the company, rather than the individual.? If you lack this support, you need to know why ..
.. are IT policies inappropriate, are IT services inferior, does IT have a bad reputationIT Management Risks:The policies, processes and procedures involved in IT management are often referred to as “best practices”.
? But what works for one business does not necessarily work for all.? If you implement an ineffective or inappropriate IT management program you may run the risk that ..
… ??? Management costs will become too high. ??? Restrictive controls on the access and usage of systems will interfere will the productive usage of those systems.
??? Your technical staff (if any) will not able to keep up with IT management guidelines. ??? You will not have the ability to enforce IT management guidelines. ??? You will implement policies, standards or procedures for the sake of control, not for the needs of the business.To avoid these risks, be sure to carefully evaluate not only your operational needs for IT management, but also your internal capabilities for effectively supporting and executing an IT management program.? ? CONCLUSIONS.
…What will it take to plan and implement an effective IT Management program? ? Step One: Assess Readiness – have you considered the degree to which reporting relationships,? IT reputation and management support must be factored into systems management strategiesStep Two: Identify Goals – what do you need to accomplish with an IT management programStep Three:? Identify Technical Requirements -? what IT management practices will you need to put in place to meet operational goals and technical needs.Step Four:? Assess Internal Capabilities -? do you have sufficient information, tools and resources to implement your management programStep Five:? Develop Management Program – devise and document your IT management program and acquire any software/hardware tools that may be required to meet management objectives.Step Six:? Test Management Programs – test any automated processes and/or new operating procedures to be put in place as part of your IT management program.? Step Seven:? Communicate? with End-Users & Management? – provide training and information all new IT management policies, processes and procedures.
Step Eight:? Implement and Monitor – put your IT management program in place and continually monitor progress and effectiveness.? IT Management Practices for the Small BusinessStructured IT Management policies and practices have long been used in large corporations to ensure systems reliability, performance and security.? But these needs are no longer limited to the corporate world.? To serve a changing business world, the practices involved in managing business technology must be developed and adapted to suit business needs, not size.? This assessment tool will help you to evaluate the needs, benefits and risks in IT management, and will help you develop your own IT management program.IT Management Defined:? An IT Management program is a set of practices, policies and procedures related to the implementation, maintenance, and ongoing control of technology in business.
? An IT management program typically addresses the physical elements of technology in business – hardware, software and network infrastructure, as well as the human elements – support, training, security, access and usage.? It addresses these elements in a number of ways, which can include automated processes, manual procedures and documented policies. How you put your program together will depend upon? business size, type, technical capabilities, budget, staff resources and the degree to which you rely on technology for operation, growth and revenue.Based on these factors, an individualized IT Management program can include one or more of the following elements, delivered in any number of ways: ??? Asset Management: to keep track of hardware and software owned and in use. ??? Change Management: to ensure that systems changes do not interfere with reliable operation and availability. ??? Disaster Recovery & Contingency Planning: to protect the business in the event of a systems outage, and/or loss of critical data.
??? End-User Support: to resolve technical problems and assist in the usage of technology. ??? Security Management: to protect business from data loss and systems damage due to hacking and/or theft. ??? Software Licensing Control:? to ensure compliance with licensing laws. ??? Systems Administration:? to ensure that user-ids are current, access is appropriate, and that storage capacity is kept at required levels. ??? Systems Management: to ensure that hardware and software configurations are current, documented and performing as expected. ??? Technology Standards Management: to set product standards that ensure systems reliability, compatibility and lower support costs. ??? Virus Protection: to protect desktops and servers from damage due to virus attacks.
? IT Management Benefits:Is the effort worth the rewards….While the benefits realized may vary, an effective, realistic IT management program can deliver any number of tangible benefits in terms of productivity, systems stability and reduced operational costs. So what can you hope to gain: ??? A better understanding of your technical environment and its relationship to your business. ??? The ability to maximize the use of technology in your business. ??? The ability to better protect your business interests and technology assets.
??? The opportunity to make the most of the dollars spent on the acquisition and support of technology. ??? More reliable, secure systems, with limited downtime and fewer outages, and the ability to better handle those outages if they do occur.IT Management Risks:The policies, processes and procedures involved in IT management are often referred to as “best practices”.? But what works for one business does not necessarily work for all.
? If you implement an ineffective or inappropriate IT management program you may run the risk that…
.. ??? Management costs will become too high. ??? Restrictive controls on the access and usage of systems will interfere will the productive usage of those systems.
??? Your technical staff (if any) will not able to keep up with IT management guidelines. ??? You will not be able to enforce IT management guidelines. ??? You will implement policies, standards or procedures for the sake of control, not for the needs of the business.To avoid these risks, be sure to carefully evaluate not only your operational needs for IT management, but also your internal capabilities for effectively supporting and executing an IT management program.? Implementation:What will it take to plan and implement an IT Management program? Step One: Identify Goals – what do you need to accomplish with an IT management programStep Two:? Identify Requirements -? what IT management elements do you need to put in place to meet your goalsStep Three:? Assess Capabilities -? do you have sufficient information, tools and resources to implement your management programStep Four:? Develop Program – devise and document your IT management program and acquire any software/hardware tools that may be required to meet management objectives.Step Five:? Test Program – test any automated processes and/or new operating procedures to be put in place as part of your IT management program.Step Six:? Communicate? ? – inform and train staff on all new IT management policies, processes and procedures.Step Seven:? Implement and Monitor – put your IT management program in place and continually monitor progress and effectiveness.
? ? Decision Making in IT: Anticipate ImpactOn face value, technology decisions should rest solely on business requirements,? technical parameters and sound financial reasoning.? However, things are rarely that simple.? End-user perceptions, realistic or otherwise, can affect the success of any IT service, and should also be made part of any decision making process.? But, if perceptions are to be an element of decisions, they must first be anticipated ..
.. predicted through careful consideration of potential consequences and likely reactions.? This is the human aspect of impact analysis.? There are three steps involved in this? type of impact analysis:? Consider the Services.
? Anticipate the Consequences.? Plan for Results.Services: What types of IT services are likely to have an impact (either positive or negative) upon a business organization and the employees ??? Technology solutions selected and deployed, as well as those ignored or discarded. ??? Maintenance practices implemented. ??? Technology policies and procedures created and enforced. ??? Projects and priorities chosen. ??? Messages communicated – to management, end-users and IT staff.
??? Support services provided. ??? Disruptions or delays in service and systems performance. ??? The timely delivery of projects, information and technology solutions. ??? The quality and timeliness of service and support.Consequences: How will any of the aforementioned services have an impact upon the business organization and the employees ??? Technology can give rise to changes in roles and responsibilities, changes in work schedules and can create the need for new skills and training. ??? Continued disruptions in service and ongoing technical problems can impact workload and deadlines, and can contribute to lowered morale. ??? Once assigned, desktop technology can be viewed as a symbol of status, reward or management preference.
??? Technology standards can interfere with end-user preferences and the perceived need for systems independence. ??? Continual technological change, (or the lack thereof), can impact staff retention and performance.Results:? What can you do to find a middle ground between services and consequencesThe consequences and perceived impact of IT decisions and services can vary based on circumstance and perception.? Realizing that you cannot please everyone, you need to plant the seeds of compromise.? When contemplating an IT project, service or technical solution, it may be necessary to find a middle ground as you reach for conclusions ..
.. to minimize negative impact and maximize positive impact.? ? In summary, effective impact analysis needs to cover all the bases …
. technical, financial, and emotional.? When applying impact analysis to projects and decisions,? you will go through an exercise that considers goals, scope, consequences, perceptions, timing and compromise.
? While this may take some time and effort, ultimately, IT organizations may come to exert greater business influence through an adequate demonstration of the concern for IT Impact.? IT Organizations by DesignThere are only two rules to follow when it comes to choosing an effective organizational structure for your IT operation.? First, IT organizational structures should be created to suit business needs and strategic technology objectives.? Then, IT organizational structures should be created with sufficient flexibility to respond to changing business needs and circumstances.
There is no right or wrong way to structure an IT operation, but in all likelihood, any structure you choose will be derived from four basic organizational possibilities:The Centralized IT Organization:? ? In the centralized IT group, all IT management functions are part of a single reporting structure.The Decentralized IT Organization:? ? In the decentralized IT group, all IT management functions are distributed across multiple technology or end-user business units.The Outsourced IT Organization:? In the outsourced IT group, all IT management functions are handled by external service providers.The IT Hybrid:? In the IT hybrid organization, IT management functions are delivered via some combination of the three organizational structures described above.
? In reality, the hybrid IT organization is probably the most common structure used …
.. although specific applications are wide and varied.? For example, the hybrid IT group may take on any shape as needed, relying on centralization, decentralization and outsourcing in any appropriate combination.? Just consider the following example:Multiple Organizational Characteristics in one IT PackageCentralized Functions:? Help Desk, Networking, Telecommunication, Standards, Security, Strategic VisionDecentralized Functions:? Project Management, Applications Development, Purchasing, Technology Planning, SupportOutsourced Functions:? Break/Fix MaintenanceConsidering the possibilities, IT organizational structures should be chosen and reviewed carefully in order to meet the needs of the business, its style, and use of technology.? An “out-of-touch” IT structure will never live up to its potential, and may actually become counterproductive.? For example, if IT services are viewed as irrelevant and complicated, end-users will find ways to work around IT, thereby defeating or diminishing key operational benefits.Step 1: Identify business and technology requirementsStep 2: Assess your prioritiesStep 3: Weigh the alternativesStep 4: Match requirements and priorities to organizational alternatives, and operational goalsStep 1: Identify business & technology needs according to: ??? Type of business ??? Business size and number of locations ??? Organizational structure ??? Culture and attitude ??? Technology platforms ??? Use of and reliance on technology to achieve business objectives ??? Business growth potential ??? Type of IT services required ??? Technical expertise of the end-user communityStep 2: Assess operational priorities: (what do you want IT to be) ??? Cost focused (on lowest possible costs) ??? Control focused ??? Flexible and innovative ??? Responsive to best practices ??? Responsive to unique end-user requirements ??? Minimally bureaucratic ??? Risk averse ??? Risk readyStep 3: Weigh the alternatives considering traditional organizational structures and related pluses and minuses of each: ??? The centralized organizational structure offers the highest degree of “control” and greatest economy of scale, allowing you to leverage centralized systems and IT staffing for the entire business.
? Tangible advantages can be realized through enhanced productivity, technological standardization, volume purchasing, improved, lowered support costs, and a higher degree of consistency in services provided.? However, centralized IT groups can become overly bureaucratic, slow to respond, resistant to change, and may appear disinterested and non-responsive when it comes to unique end-user needs and interests. ??? The decentralized organizational structure is designed to focus on the technology service needs of distinct lines of business within an organization (i.e. Human Resources vs. Marketing vs.
Sales).? As such, the decentralized IT structure is usually more closely aligned with specific and unique business requirements.? As such, it is usually less bureaucratic, offering greater flexibility and more timely and relevant service quality.
? On the other hand,? the distributed IT organization can be more costly and difficult to operate, risking operational redundancies, power struggles, as well as technology platform conflicts and incompatibilities. ??? The outsourced organizational structure can replace the internal “hands-on” IT operation, with external service providers delivering core IT management services. Outsourcing leverages vendor expertise, taking advantage of efficiencies and experience that may be more difficult and costly to build in an internal IT shop. As such, service quality can be improved. Depending on the service provider, individual requirements, and contract terms, outsourcing can be cost effective, but cost benefits may not be realized in every situation.
? Outsourcing usually involves a loss of customization, independence and control, and in most cases, does not fully alleviate the need for an internal IT operation, if only to manage and monitor the outsourced relationship.? The benefits of outsourcing will vary greatly by circumstance, vendor and individual needs. ??? Depending upon its design and implementation, the hybrid IT structure may offer the best of all worlds.? Using bits and pieces of each traditional structure, the hybrid IT operation can be organized to meet multiple needs and priorities.? However, the hybrid shop is the hardest to implement and maintain, as it takes a good deal of attention and creativity, carrying a higher degree of risk.Step 4: Match requirements and priorities to available organizational alternatives:As you look to match requirements and priorities to available organizational alternatives, you will need to carefully consider one additional aspect ..
.. what are you trying to accomplishUnless you are just starting out, you are probably not working from a blank organizational slate, and considering the frequency with which reorganizations and mergers occur, you may even have already experienced several organizational alternatives.? In order to make efficient, effective organizational decisions, you will need to consider one key question:What is your primary goalA. To create a new IT operation..
….If you are creating a new IT organization, perhaps for a start-up, a growing business? or as a result of a merger, then you will likely have no direct historical reference points to draw upon … i.
e. how was the organization set up in the past, what worked, and what didnt? Under these exciting, but scary circumstances, whatever structure you choose, you should be prepared to change that structure if time and circumstances warrant. To that end, it may be wise to start out on the path of least resistance .
with the simplest possible structure designed to meet basic service goals, and expand as time passes.? IT organizations should be sufficiently flexible to bend as technology and business needs change.B.
To restructure an existing IT operation….
.If you need to restructure an existing organization, you need to pinpoint your immediate goals …. what are you trying to accomplish through reorganization.
… ??? To lower costs ??? To increase workplace productivity ??? To downsize IT operations ??? To grow IT operations ??? To improve results and service quality ??? To minimize internal political conflicts ??? To respond to end-user complaints or problems ??? To respond to new business requirementsCONCLUSIONS…
..Ultimately, the internal? IT operation exists to support and serve the business in the selection, deployment and utilization of technology. The organizational structure chosen should be the one best suited to the task, considering goals, costs, efficiency, productivity, results, and available resources.