IT Examiner School eBook May 2025

Internal Use Only

Board & Management Responsibilities

Planning Directing Organizing Controlling

Internal Use Only

Board Responsibilities Set the tone, strategic direction, and risk tolerance Take ultimate responsibility for risk management Review and approve management’s decisions regarding the handling of residual risk Approve applicable policies Budget for appropriate resources to meet IT goals and objectives Review Audit Reports