IT Examiner School eBook May 2025

Internal Use Only

IT Management Component Rating – Key Considerations  Level and quality of oversight  Reporting  Policies and Procedures  Compliance  Succession Planning

 Vendor Oversight  Risk Assessments

Internal Use Only

Decision Factors

M.1. The level and quality of oversight and support of IT activities by the Board of Directors and Management.

M.2. The ability of management to provide information reports necessary for informed planning and decision making in an effective and efficient manner.

M.3. The adequacy of, and conformance with, internal policies and controls addressing IT operations and risks of significant business activities.

M.4. The level of awareness of and compliance with laws and regulations.

M.5. The level of planning for management succession.

M.6. The adequacy of contracts and management’s ability to monitor relationships with third party services.

M.7 . The adequacy of risk assessment processes to identify, measure, monitor, and control risks.