The session explored:
  • Strategic alignment with business units to ensure compliance requirements are met
  • How to deliver value and improve performance by managing risk
  • Reducing costs by simplifying the process



Dennis Lee, Head of IT Governance and Control, Asia Pacific, Nomura International
Fuller Yu, Vice President, Resiliency & IT Risk Management, Treasury & Securities Services, APAC, J.P. Morgan
Jenny Lam, Executive Manager, Audit, The Hong Kong Jockey Club



Dennis Lee
  • IT governance is an emerging concept of how to provide a management framework of technology operations to meet business and control objectives. Though it’s easy to understand the concept, it requires professional management experience to implement the framework, as it involves change management in both people and processes.


  • The success of an IT governance model can be measured through a maturity process model. A mature organization could consistently demonstrate a robust policies and standards hierarchy, a clear product pricing strategy, a sophisticated project management framework, standardization of services delivery, and an aggregated risk portfolio.


  • There is increasing focus on IT governance and control due to higher scrutiny by regulators in the finance industry. Outsourcing / offshoring of technology operations, mobile / cloud computing, business continuity, and low latency electronic trading continue to be a top focus of regulators.

Jenny Lam
  • IT governance extends beyond the IT organization and should be focused on business alignment, value delivery and risk management. Collaboration with other corporate governance functions such as ERM, Compliance Office, Audit, Legal etc. is important.


  • Metrics and measurement are important for the governance function to demonstrate value. Value can be cost savings from different means, such as standardization of controls to enable effective demonstration for reduction in audit fees and resources (internal, external and regulatory audits), help desk cost reduction (e.g. self-service password resets, SSO etc.), optimization or automation of IT controls (e.g. IAM) etc.


  • GRC (Governance, Risk and Compliance) is getting more management attention. How and where to converge with various governance processes and methodologies needs to be clearly understood and defined.

Fuller Yu
  • IT governance can be treated as IT demand governance (do the right things) and IT supply governance (do things right). The demand side focuses on ensuring IT decisions align with business goals, fit into corporate governance, and are made by a good structure, while the supply side focuses on effectiveness, efficiency, and risk management.


  • IT governance is essential to enterprises with operations in APAC where we see more complex, demanding and sometimes conflicting requirements from regulators.


  • Compliance serves as the baseline to ensure minimal controls, structures and processes are in place, and IT governance goes further to make sure we have the right tools to tackle actual business demands and technical issues in a more sustainable manner.

