IT Examiner School eBook

Internal Use Only

Effective Governance Practices

There are a variety of ways our financial institutions can achieve effective Governance practices, but policies, procedures, and standards are often the foundation. Policies, procedures, and standards should:

• Be designed, approved & implemented enterprise-wide
• Provide appropriate guidance & standards for ALL current IT activities
• Be tailored to the organization’s unique characteristics
• Conform to regulatory guidance and/or legal standards
• Provide for appropriate employee awareness training
• Be reviewed & approved annually by the Board & documented in the Board minutes (Policies—not always procedures/standards)

Implement Policies, Procedures, Standards

• Provide guidance
• Define appropriate behaviors
• Can take various shapes/formats
• Updated and supplemented as required

• Key policies should be reviewed & approved annually
• Employee acknowledgement to abide by them, when hired
• Annual awareness training & testing for knowledge
