IT Examiner School eBook
Internal Use Only
Board Responsibilities
Set the tone, strategic direction, and risk tolerance
Review and approve management’s decisions regarding the handling of residual risk
Approve applicable policies
Budget for appropriate resources to meet IT goals and objectives
Management Responsibilities
Control risk activities
Oversee day-to-day IT operations and manage vendor relationships
Develop, implement and enforce applicable policies, procedures, and other mitigating controls
Provide regular reporting to Board and executive management