IT Examiner School - Oct 2023

Internal Use Only

Board Responsibilities

Set the tone, strategic direction, and risk tolerance

Review and approve management’s decisions regarding the handling of residual risk

Approve applicable policies

Budget for appropriate resources to meet IT goals and objectives

Management Responsibilities

Control risk activities

Oversee day-to-day IT operations and manage vendor relationships

Develop, implement and enforce applicable policies, procedures, and other mitigating controls

Provide regular reporting to Board and executive management
