IT Examiner School

Governance Structure Can take many forms depending on size & complexity

Appropriate Reporting Lines

Board

Management

Board & Management Responsibilities • Planning involves identifying short- and long-term strategies for achieving goals. • Directing refers to the establishment of policies, standards, and procedures that describe how the business will meet its goals. • Organizing involves establishing the personnel practices (e.g., recruiting, staffing, and training) that are needed to meet the defined business goals. • Controlling refers to management's ability to manage the institution's IT activities in order to reduce and/or prevent risk. Note that proper planning, directing, and organizing are controls in and of themselves.