IT Examiner School eBook May 2025

Internal Use Only

MIS Reports

MIS Reports must be: • Regularly reviewed • Understood/explained • Utilized

Internal Use Only

Risk Mitigation “Tools” • Properly identified risks prioritized for importance/criticality • Independent Audits • Appropriate IT policies, procedures, and standards • Appropriate IT system & application security controls and timely monitoring • Vulnerability Assessment and Pen Tests • Dual controls/separation of duties • Cybersecurity reviews/audits • Strong vendor management controls

20