IT Examiner School, Seaside, CA

Core Procedure #3 (Supports Decision Factor M1)

1. Evaluate the adequacy of the short- and long-term IT strategic planning and budgeting process. Consider the following:

▪

Involvement of appropriate parties

▪ Identification of significant planned changes ▪ Alignment of business and technology objectives ▪ Ability to promptly incorporate new or updated technologies to adapt to changing business needs ▪ Coverage of any controls, compliance, or regulatory issues which may arise or need to be considered

The budgeting process includes information security related expenses and tools.

Click here to enter comment

Decision Factor M2, Supporting Procedure #4

M.2. The ability of management to provide information reports necessary for informed planning and decision making in an effective and efficient manner. Refer to Core Analysis Procedure #4.

Click here to enter comment

Strong ☐

Satisfactory ☐

Less than satisfactory ☐

Deficient ☐

Critically deficient ☐

1. Evaluate the adequacy of management information system (MIS) reports (e.g., lending, concentrations, interest rate risk) and the reliability management can place upon those reports in the business decision-making process. Consider the following elements of an effective MIS report:

▪

Timeliness Accuracy Consistency Completeness

▪

▪

▪

▪

Relevance

Control Test Obtain feedback from risk management and compliance examiners regarding the quality and usefulness of reports provided for management decisions.

Click here to enter comment