After completion of governance planning and organizing; policies direct employee activity to ensure management’s intentions are implemented throughout the entity. Strategically; IT policies are definite courses or methods of action selected by management from alternatives, considering the environment, to guide as well as determine present and future decisions.
Internal control systems are designed and operated in order to achieve the goals set in adopted governance policies or to comply with adopted governance policies. As a result, implementing an internal control system enables continuous as well as static monitoring to determine the rate of noncompliance with expected behavior.
“View Part I of the Governing IT: Policy Formulation and Enforcement series here“