IT Examiner School, Providence, RI
Board and Management Oversight

Board of Directors Should:
- Set (or at least approve) policies and procedures to implement the Information Security Program (ISP) and also to manage IT and operational risks.
- Designate someone to oversee the ISP on a day-to-day basis.
- Review and approve (or take part in) an IT strategic plan that aligns with the overall business strategy.
- Oversee the adequacy and allocation of IT resources for funding and personnel.
- Oversee and receive updates on major IT projects, IT budgets, IT priorities, and overall IT performance.
- Hold management accountable for identifying, measuring, and mitigating IT risks.
- Provide for independent, comprehensive, and effective audit (or other forms of testing) of IT controls.
Board and Management Oversight (continued)
Executive and Senior Management
- Executive and Senior Management develops the strategic plans and objectives for the institution and sets the budget for the allocation of resources to achieve these objectives.
- Executive and Senior Management should understand at a high level the IT risks faced by the institution and ensure that those risks are included in the institution's risk assessments.

IT Management
- Assess the institution's inherent IT risks across the institution (the risk assessment process is the next topic).
- Provide regular reports to Executive Management and the Board on IT risks, IT strategies, and IT changes.
- Establish and coordinate priorities between the IT department and lines of business.
- Implement effective processes for IT risk management.