2023 IT Examiner School

Internal Use Only

Management Module Conclusions • Management has significant responsibilities in overseeing IT activities • Poor oversight could cause reputational risk • Could result in significant impact to entity • Statutes & Guidance • Establish best practices • Establish requirements • IT findings usually occur because: • Management didn’t adequately perform their duties and responsibilities

Internal Use Only

Management Module Conclusions (continued)

The IT Examination Program is a management focused approach • Do not focus solely on technical issues • Assess management’s actions in relation to the technical issues • Assess how well management is carrying out its responsibilities regarding planning, directing, organizing & controlling the risks related to IT