IT Examiner School, Seaside, CA

Management Module Conclusions

• Management has significant responsibilities in overseeing IT activities

– Poor oversight could cause reputational risk – Could result in significant impact to entity

• Statutes and Guidance – Establish best practices – Establish requirements

• IT findings usually occur because: – Management didn’t adequately perform their duties and responsibilities

Management Module Conclusions (cont)

• The IT Examination Program is a management-focused approach – Do not focus solely on technical issues – Assess management’s actions in relation to the technical issues – Assess how well management is carrying out its responsibilities regarding planning, directing, organizing, and controlling the risks related to IT