IT Examiner School, Seaside, CA

IT Management

How Governance Is Achieved

• Through management structure and the Board of Directors • Assignment of responsibilities and authority covering

– Central oversight and coordination – Risk assessment and measurement – Monitoring and testing – Reporting – Acceptable residual risk • Establishment of policies, standards, and procedures – With at least annual review/approval • Allocation of resources • Monitoring • Accountability