2023 IT Examiner School

Internal Use Only

Risk Assessment: Board Responsibilities

• The Board is responsible for communicating its risk tolerance to management.
• The Board should review and approve the risk assessment annually.
• Risk decisions (acceptance/exceptions) should be made at the Board and/or executive management level and be documented.
• Board minutes should support the answers provided by management during discussions (approval/discussion of risk assessment findings, risk acceptance decisions, etc.).
