PowerPoint Presentation

.. IT Executive Leadership Governance Committee.

[Audio] This training video focuses on important topics of IT strategy and portfolio management. We will begin with an opening prayer and ratification of the IT ExL Committee Terms of Reference. As IT leaders, it is our responsibility to align our organization's technology with our overall business strategy. This requires regular review and updates to keep up with constantly changing technology. We will also review our IT portfolio and its projects, initiatives, and investments. It is important to have a concise overview in order to effectively manage and prioritize our resources and budget. Finally, we will discuss the importance of mitigating risks in our IT projects. As a committee, it is our duty to identify and address any technical, financial, or security-related risks. Let's continue with the remaining slides to fully understand the crucial role of the IT Executive Leadership Governance Committee in our organization..

[Audio] Today, we will be discussing the scope of the ExL IT Governance Committee. Our focus is on effective governance for all IT-related activities within the organization. We have identified four key areas in which we will be working on: strategic alignment, portfolio governance, financial stewardship, and cybersecurity oversight. Let's take a closer look at each of these areas and the expected results. Firstly, our goal for strategic alignment is to ensure that all IT investments align with the organization's priorities and mission. This will create a better connection between technology and business goals, leading to more impactful results. Next, the portfolio governance area is responsible for overseeing all enterprise IT programs and ensuring prioritization and value delivery. Our aim is to have more impactful and well-prioritized project execution, resulting in successful and relevant projects. Moving on, our focus for financial stewardship is on guiding budget allocation, monitoring funding, and supporting fundraising efforts. We aim to optimize the use of resources and improve cost control throughout the organization. In terms of accountability, we are dedicated to promoting ownership, transparency, and measurable results within the organization. Our goal is to increase trust, transparency, and measurable success for all IT-related activities. Lastly, the committee is responsible for approving cyber-risk policies and reviewing security reports for the Board in the area of cybersecurity oversight. Our focus is on improving the organization's overall risk posture and increasing the Board's confidence in our IT practices. Overall, the ExL IT Governance Committee has a crucial role in the organization by ensuring effective governance for all IT-related activities. Our focus areas all work towards our ultimate goal of promoting effective and successful IT practices..

IT Strategy Update.

[Audio] As an IT executive, it is crucial to have a comprehensive understanding of the key program milestones that have been set for the next four years in order to measure the success of our program and achieve our desired outcomes and benefits. The first milestone we will discuss is the Program Budget Vs Spend for the years 2022 to 2025. This will provide us with a clear understanding of our financial status and enable us to make informed decisions on resource allocation. Next, we will address the Key Portfolio Risks & Issues that may potentially impact our program. It is essential to identify these risks and proactively work towards mitigating them. Moving on to the specific projects under our program, we will review the current status of our Digital Field Applications. To date, we have successfully implemented this application in 6 out of 8 countries including Uganda, Tanzania, Ghana, Kenya, Senegal, and Malawi. This is a significant achievement and we aim to complete the roll-out in the remaining countries soon. Our Core Banking Solutions project is progressing as planned, with 11 out of 11 countries successfully utilizing the system. These countries include Ecuador, Mongolia, Philippines, Dominican Republic, Mexico, Bolivia, Honduras, Ghana, Zambia, Tanzania, and India. In terms of our Mobile Banking Solutions, we have completed the implementation in 5 out of 8 countries, including Myanmar, Malawi, Mongolia, Tanzania, and India (QR code). This has greatly improved financial access and convenience for our clients in these countries. Now, let's focus on one of our critical goals - Credit Scoring. Currently, this system has been implemented in 3 out of 12 countries, including Uganda, Mexico, and Myanmar. We are continuously working towards completing the implementation in the remaining countries. In addition to our main projects, we have also successfully implemented other important tools in various countries, such as Vietnam Loan Auto Renewal, Ukraine Client Web Portal, and Air Traffic Control Tools - with 20 in-flight at different stages. However, we have identified some critical data gaps that need to be addressed. The global numbers differ from the numbers captured by our project managers. Additionally, some of our centralized budgets and costs are not visible at the regional and MFI level. It is crucial for us to align these numbers in order to have an accurate understanding of our program's financial health. We must also ensure that these numbers are visible at all levels to have a complete view of our program's financial status..

[Audio] On Slide 6 of our IT Executive Leadership Governance Committee presentation, we will be discussing portfolio risk mitigation and the corresponding action items. The table on this slide displays important data. Our first action item is to implement a comprehensive portfolio governance structure to prioritize and align our values, and increase visibility within our organization. Gloriah is the action owner and it is set to be completed by September 2025. The second action item is to clarify roles at all levels of governance, defining responsibilities, decision rights, and performance expectations for individuals involved in our portfolio. Shannon is the action owner and it is expected to be completed by December 2025. Our third action item focuses on financial governance and project accounting. We will ensure all IT investments over $50000 have comprehensive business cases with ROI, TCO, and KPIs, and establish standardized project accounting rules while improving budget tracking globally and regionally. Elizabeth is the action owner and it is set to be completed by October 2025. Our next task is resourcing and capacity building for both IT and business teams, with Shannon and Solymar responsible and completion expected by October 2025. Our fifth action item is implementing tools for tracking key performance indicators and increasing portfolio visibility, with Gloriah as the lead and completion set for October 2025. Lastly, we aim to optimize our vendor sourcing by partnering with relevant and cost-effective vendors and continuously improving our processes. Shannon is responsible for this item with ongoing progress. Additionally, our localization strategy is crucial to ensure that our global solutions meet local needs before rollout, with Shannon and Luke working together on this task..

Cyber Security Update.

[Audio] Today, we will be discussing the Executive Summary for the Cybersecurity Landscape in MFIs and the reasons why it is crucial to address this issue now. As we use more digital tools in our Microfinance Institutions, our cybersecurity risks also increase. It is important that we raise awareness of these risks and evaluate our current level of readiness to ensure the security of our institutions. In this presentation, we will present practical action points that MFIs can implement to improve our overall security. This includes identifying any gaps in our readiness, such as monitoring, incident response, and business continuity planning. We must strengthen our accountability by defining roles and incorporating security responsibilities across teams. By addressing these issues, we can proactively protect our institutions and ensure the safety of our clients' data. Let's continue to work towards a more secure future for our MFIs..

[Audio] We will be discussing some of the most common cyber threats that organizations face today on slide number 9. These threats can severely impact the security and integrity of IT systems, resulting in significant financial and reputational damage. Social engineering attacks, such as phishing and spear-phishing, are increasingly prevalent and can compromise sensitive data. In addition, ransomware and malware targeting core banking systems have been on the rise, leading to data breaches and financial loss for organizations. Distributed Denial of Service (DDoS) attacks have also been a frequent method used to disrupt critical infrastructure, as seen in the 2023 attacks on Kenya's Safaricom. Insufficient cloud security in shared environments has also left organizations vulnerable to cyber threats, as demonstrated by the 2019 Capital One Data Breach. It is important for organizations to be aware of third-party and vendor breaches, which have resulted in significant financial loss, such as the fraud case in 2021. Insider threats, including fraud and privilege misuse, are also a major concern for organizations, as seen in the 2025 loss of USD 4,013 due to mobile banking fraud and the 2021 case of USD 106,571 being stolen due to privileged access abuse. Low user awareness on cyber hygiene is a major weakness in cybersecurity, as seen in the Tesco Bank cyber attack in 2016, which resulted in the theft of £2.5 million from customer accounts due to inconsistent security controls between headquarters and branch networks. Lastly, process gaps that leave organizations vulnerable to external threats should not be overlooked, as seen in the December 2024 VFT COB issue, which took four days to resolve and caused significant disruption and financial loss. It is crucial for IT executive leadership to be aware of these threats and take necessary precautions to protect their organizations..

[Audio] A critical responsibility of an IT executive leader is to continuously assess and enhance our organization's cybersecurity posture. This involves thoroughly evaluating our current readiness level and identifying areas that require improvement. Slide 10 displays a table with data representing our current standing. In terms of our policy framework, we have established policies, but there is a lack of consistent implementation and enforcement across our operations. This poses a significant risk to our overall security and highlights the need for stronger governance in this area. Our security culture is currently at a low level, indicating a lack of awareness and accountability at both operational and executive levels. It is crucial that we work towards a higher level of security culture to better protect our organization. Moving on to incident response, we are currently at a low level. This means that we do not have a formal incident handling process in place, and there is limited documentation and no post-incident reviews. It is imperative that we establish a robust incident response plan to effectively handle and mitigate any security incidents. Our control monitoring is also at a low level, indicating that our security controls are not regularly reviewed or tested for effectiveness. This leaves us vulnerable to potential cyber attacks and highlights the need for ongoing monitoring and testing of our security controls. Our current level of cloud security is low, primarily due to notable security weaknesses in our AWS landing zones that require remediation. As an IT executive leader, it is crucial to prioritize addressing these weaknesses to strengthen our overall security posture. Additionally, our technical foundation is at a low level. While we have firewalls and antivirus in place, weak governance, culture, and poor branch connectivity reduce their effectiveness. It is vital that we strengthen these aspects to improve our technical foundation. Furthermore, our stakeholder engagement level is low, indicating that our feedback mechanisms with regional directors, CEOs, IT managers, and users are ineffective. As IT leaders, we must actively engage and communicate with our stakeholders to ensure a comprehensive and collaborative approach to cybersecurity. On the next slide, we will see a table displaying further details and suggestions for improving our organization's cybersecurity posture..

[Audio] We have now covered various aspects of IT executive leadership and governance. To recap, it is essential to understand the importance of policies and their enforcement. This involves creating policies, utilizing tools, and monitoring to establish a strong policy framework. We also discussed the concept of building security into IT projects, which involves following a security lifecycle and conducting mandatory penetration testing to identify and address vulnerabilities. To uphold these policies and procedures, it is crucial to have clear Standard Operating Procedures, conduct regular audits, and track key performance indicators. In regards to external vendors, it is vital to enforce Service Level Agreements and conduct regular risk reviews to ensure the security and compliance of their services. When it comes to cloud preparedness, having secure landing zones, strong IAM controls, and regular backups is paramount to maintaining the safety and integrity of data in the cloud. To be fully prepared for security incidents, it is important to regularly test Business Continuity and Disaster Recovery plans and conduct phishing tests and incident simulations. As leaders in the IT field, it is crucial to prioritize cybersecurity as a strategic agenda item and not just a technical one. This means making cybersecurity a part of staff performance evaluations and promoting a security-first mindset within the organization. In summary, there are key actions that must be taken to ensure the highest level of cybersecurity in an organization, including quarterly security reports, restructuring and strengthening IT organization structures, and strengthening risk and compliance teams. Making security a business priority and embedding it in staff performance evaluations is also crucial. Thank you for taking the time to learn about IT executive leadership and governance. We hope you found this presentation informative and we look forward to working together to keep our organizations safe and secure. Thank you for listening..