It looks like banking and technology are coming from different planets and consequently do not speak a common language. Small financial institutions like hedge funds are looking to invest in technology, but tend to avoid it. Most of the hedge funds outsource their IT departments and thereby believe that they have also outsourced their responsibility to monitor and control risks in their IT solutions.
According to Banks of the Future, as technology will increase, its influence in future technology related due diligence will gain more attention and will be seen as the main tool to prevent risk and control a future bank. Below is an example of the hedge fund business:
We have seen over the past few years how issues like Madoff, MF Global could have been avoided through robust transparent IT due diligence. IT due diligence can be and should be seen as a step to negate the effects of catastrophe failures in businesses. The ongoing financial crisis since 2008 has forced all to start looking at existing procedures with a fresh pair of eyes to reduce risks/costs and hence increasing productivity. As the existing solutions might be based on traditional patterns of thinking, which will lead us to form a tunnel vision. As the emphasis in today's due diligence processes is mainly business-related, in addition to the usually investigated risk factors, there are a number of other sources of risks like outsourced IT solutions that might be significant in amount and at the same time go past unnoticed.
As the financial processes became more IT reliant the improvements in technology are never ending. Financial institutions have always implemented new adjustments to the existing solutions and this is why IT is continuously working on finding a new more intelligent way in order to increase productivity and reduce risks/costs. What if the state of the art IT solutions complicate your infrastructure so that mistakes are easily made without being noticed? Can IT be more simplified so that technology chaos for business is avoided?
A robust IT system means that the implemented solutions (even if it is outsourced) and the daily procedures around it are reviewed by risk reduction analysts (RRA) on a regular basis to ensure that after a change related to IT or business the interest of certain investment strategy and the guidelines/regulations complement each other. Don't bring 3 to 10 experts from business, IT and audit to talk as we all know what the hidden risks on collaborations and communications are. RRA is a person who has working experience in IT as well as working experience in various business areas and understands the weaknesses of the areas and in addition the person has worked as an auditor and is therefore more sensitive to risk. A Hedge Fund Manager could also provide IT Due Diligence from a RRA's perspective for their overall infrastructure to their investors, no matter which part of the solution is outsourced such as trading, settlement, reporting, controlling audit regulation/taxation, etc.