IT Examiner School eBook

Internal Use Only

Management Module Conclusions • Management has significant responsibilities in overseeing IT activities • Poor oversight could cause operational, financial, and reputational risk • Could result in significant impact to entity • Statutes & Guidance • Establish some requirements, push institutions to implement best practices • IT findings usually occur because: • Management didn’t adequately fulfill their duties and responsibilities

Internal Use Only

Management Module Conclusions (continued)

The IT Examination Program is a management focused approach • Do not focus solely on technical issues • Assess management’s actions in relation to the technical issues • Assess how well management is carrying out its responsibilities regarding planning, directing, organizing & controlling the risks related to IT