QUESTION

Mybank Commercial Bank is a global conglomerate with operations in more than 10 countries and with more than 25,000 employees across the globe. The bank's technology teams are located throughout the world to support global lines of business. IT services including infrastructure are maintained by both in-house IT teams and third party service providers. This bank has a history of varied governance and assurance templates and processes. A risk management framework was used to ensure effective risk and control management to address existing risk and control weaknesses. Lately, Mybank has been experiencing several problems with its IT systems used to support its businesses around the globe. The systems are not delivering the required benefits that were identified and are now faced with frequent maintenance and threats to confidentiality

(a) Identify the entities for managing risks and controls and give an example for each entity

(b) Describe the key components in the banks' technology environment and describe the controls that should be applied to each component

(c) Keeping in mind that the IT systems of the bank are not delivering up to the required standard and the principle risk associated is Technology risk, identify and describe corresponding level II risks and the control objectives the bank should implement