IT Examiner School eBook May 2025

Internal Use Only

Development & Acquisition Additional Risk Considerations

Governance Practices: Clearly define responsibilities, enhance transparency, and facilitate effective oversight and informed decision-making.

Strategic Alignment: Ensure IT solutions strategically align and actively support business objectives and organizational needs.

Effective Communication: Board and IT management oversight committees provide transparency, accountability, and timely decisions through clear communication of project statuses, risks, and milestones to stakeholders.

Policies, Standards & Procedures: Comprehensive, Board-approved policies and standards foster consistency, efficiency, and reliability, significantly reducing risks of project failures and operational disruptions.

Qualified Personnel: Assign qualified individuals to oversee security, audit processes, and testing activities within technology projects.

System Lifecycle Management: Establish robust lifecycle management practices to proactively identify and replace aging systems approaching end-of-life.

Initial Vendor Due Diligence

A proper due diligence process should focus on the prospective third party’s:

• Ability to provide the services needed
• Knowledge & experience of applicable laws and regulations
• Reputation (check references, public information, litigation)
• Scope of operations and deliverables (can they provide adequate service and support?)
• Effectiveness of controls (will they make audit reports available?)
• Use of subcontractors and other parties
• Financial condition
• Industry expertise
