An entity’s oversight committee should provide internal and external controls due diligence. In this regard, entity oversight committees normally delegate responsibility, accountability, and authority to an audit oversight committee that: evaluates project controls, interfaces with auditors and provides direction on audit priorities.
Furthermore, an entity’s oversight committee should provide investments due diligence through an IT strategy committee. In this regard, the IT strategy committee should delegate responsibility, accountability, and authority to an IT group or individual that: evaluates the IT project portfolio, interfaces with project managers and provides direction on project priorities.
“View Part I of the Common Risk Determinants for an IT Architecture series here“