A management information system (MIS) is a system or process that provides
the information necessary to manage an organization effectively. MIS and the
information it generates are generally considered essential components of
prudent and reasonable business decisions.
The importance of maintaining a consistent approach to the development,
use, and review of MIS systems within the institution must be an ongoing
concern of both bank management and OCC examiners. MIS should have a
clearly defined framework of guidelines, policies or practices, standards, and
procedures for the organization. These should be followed throughout the
institution in the development, maintenance, and use of all MIS.
MIS is viewed and used at many levels by management. It should be
supportive of the institution's longer term strategic goals and objectives. To
the other extreme it is also those everyday financial accounting systems that
are used to ensure basic control is maintained over financial recordkeeping
activities.
Financial accounting systems and subsystems are just one type of institutional
MIS. Financial accounting systems are an important functional element or part
of the total MIS structure. However, they are more narrowly focused on the
internal balancing of an institution's books to the general ledger and other
financial accounting subsystems. For example, accrual adjustments,
reconciling and correcting entries used to reconcile the financial systems to
the general ledger are not always immediately entered into other MIS systems.
Accordingly, although MIS and accounting reconcilement totals for related
listings and activities should be similar, they may not necessarily balance.
An institution's MIS should be designed to achieve the following goals:
• Enhance communication among employees.
• Deliver complex material throughout the institution.
• Provide an objective system for recording and aggregating information.
• Reduce expenses related to labor-intensive manual activities.
• Support the organization's strategic goals and direction.
Because MIS supplies decision makers with facts, it supports and enhances the
overall decision making process. MIS also enhances job performance
throughout an institution. At the most senior levels, it provides the data and
information to help the board and management make strategic decisions. At
other levels, MIS provides the means through which the institution's activities
are monitored and information is distributed to management, employees, and
customers.
Effective MIS should ensure the appropriate presentation formats and time
frames required by operations and senior management are met. MIS can be
maintained and developed by either manual or automated systems or a
combination of both. It should always be sufficient to meet an institution's
unique business goals and objectives. The effective deliveries of an
institution's products and services are supported by the MIS. These systems
should be accessible and useable at all appropriate levels of the organization.
MIS is a critical component of the institution's overall risk management
strategy. MIS supports management's ability to perform such reviews. MIS
should be used to recognize, monitor, measure, limit, and manage risks. Risk
management involves four main elements:
• Policies or practices.
• Operational processes.
• Staff and management.
• Feedback devices.
Frequently, operational processes and feedback devices are intertwined and
cannot easily be viewed separately. The most efficient and useable MIS
should be both operational and informational. As such, management can use
MIS to measure performance, manage resources, and help an institution
comply with regulatory requirements. One example of this would be the
managing and reporting of loans to insiders. MIS can also be used by
management to provide feedback on the effectiveness of risk controls.
Controls are developed to support the proper management of risk through
the institution's policies or practices, operational processes, and the
assignment of duties and responsibilities to staff and managers.
Technology advances have increased both the availability and volume of
information management and the directors have available for both planning
and decision making. Correspondingly, technology also increases the
potential for inaccurate reporting and flawed decision making. Because data
can be extracted from many financial and transaction systems, appropriate
control procedures must be set up to ensure that information is correct and
relevant. In addition, since MIS often originates from multiple equipment
platforms including mainframes, minicomputers, and microcomputers, controls
must ensure that systems on smaller computers have processing controls that
are as well defined and as effective as those commonly found on the
traditionally larger mainframe systems.
All institutions must set up a framework of sound fundamental principles that
identify risk, establish controls, and provide for effective MIS review and
monitoring systems throughout the organization. Commonly, an organization
may choose to establish and express these sound principles in writing. The
OCC fully endorses and supports placing these principles in writing to
enhance effective communications throughout the institution. If however,
management follows sound fundamental principles and governs the risk in the
MIS Review area, a written policy is not required by the OCC. If sound
principles are not effectively practiced, the OCC may require management to
establish written MIS policies to formally communicate risk parameters and
controls in this area.
NOOPUR GARG
BBA/4536/07
the information necessary to manage an organization effectively. MIS and the
information it generates are generally considered essential components of
prudent and reasonable business decisions.
The importance of maintaining a consistent approach to the development,
use, and review of MIS systems within the institution must be an ongoing
concern of both bank management and OCC examiners. MIS should have a
clearly defined framework of guidelines, policies or practices, standards, and
procedures for the organization. These should be followed throughout the
institution in the development, maintenance, and use of all MIS.
MIS is viewed and used at many levels by management. It should be
supportive of the institution's longer term strategic goals and objectives. To
the other extreme it is also those everyday financial accounting systems that
are used to ensure basic control is maintained over financial recordkeeping
activities.
Financial accounting systems and subsystems are just one type of institutional
MIS. Financial accounting systems are an important functional element or part
of the total MIS structure. However, they are more narrowly focused on the
internal balancing of an institution's books to the general ledger and other
financial accounting subsystems. For example, accrual adjustments,
reconciling and correcting entries used to reconcile the financial systems to
the general ledger are not always immediately entered into other MIS systems.
Accordingly, although MIS and accounting reconcilement totals for related
listings and activities should be similar, they may not necessarily balance.
An institution's MIS should be designed to achieve the following goals:
• Enhance communication among employees.
• Deliver complex material throughout the institution.
• Provide an objective system for recording and aggregating information.
• Reduce expenses related to labor-intensive manual activities.
• Support the organization's strategic goals and direction.
Because MIS supplies decision makers with facts, it supports and enhances the
overall decision making process. MIS also enhances job performance
throughout an institution. At the most senior levels, it provides the data and
information to help the board and management make strategic decisions. At
other levels, MIS provides the means through which the institution's activities
are monitored and information is distributed to management, employees, and
customers.
Effective MIS should ensure the appropriate presentation formats and time
frames required by operations and senior management are met. MIS can be
maintained and developed by either manual or automated systems or a
combination of both. It should always be sufficient to meet an institution's
unique business goals and objectives. The effective deliveries of an
institution's products and services are supported by the MIS. These systems
should be accessible and useable at all appropriate levels of the organization.
MIS is a critical component of the institution's overall risk management
strategy. MIS supports management's ability to perform such reviews. MIS
should be used to recognize, monitor, measure, limit, and manage risks. Risk
management involves four main elements:
• Policies or practices.
• Operational processes.
• Staff and management.
• Feedback devices.
Frequently, operational processes and feedback devices are intertwined and
cannot easily be viewed separately. The most efficient and useable MIS
should be both operational and informational. As such, management can use
MIS to measure performance, manage resources, and help an institution
comply with regulatory requirements. One example of this would be the
managing and reporting of loans to insiders. MIS can also be used by
management to provide feedback on the effectiveness of risk controls.
Controls are developed to support the proper management of risk through
the institution's policies or practices, operational processes, and the
assignment of duties and responsibilities to staff and managers.
Technology advances have increased both the availability and volume of
information management and the directors have available for both planning
and decision making. Correspondingly, technology also increases the
potential for inaccurate reporting and flawed decision making. Because data
can be extracted from many financial and transaction systems, appropriate
control procedures must be set up to ensure that information is correct and
relevant. In addition, since MIS often originates from multiple equipment
platforms including mainframes, minicomputers, and microcomputers, controls
must ensure that systems on smaller computers have processing controls that
are as well defined and as effective as those commonly found on the
traditionally larger mainframe systems.
All institutions must set up a framework of sound fundamental principles that
identify risk, establish controls, and provide for effective MIS review and
monitoring systems throughout the organization. Commonly, an organization
may choose to establish and express these sound principles in writing. The
OCC fully endorses and supports placing these principles in writing to
enhance effective communications throughout the institution. If however,
management follows sound fundamental principles and governs the risk in the
MIS Review area, a written policy is not required by the OCC. If sound
principles are not effectively practiced, the OCC may require management to
establish written MIS policies to formally communicate risk parameters and
controls in this area.
NOOPUR GARG
BBA/4536/07
Comments