Posted by: Robert Davis
COBIT, Educational Institutions, Enterprise Governance, Entity Governance, Governance Tree, Government Agencies, ICT, IT Architecture, IT Service Management, ITG, ITSM, Performance Measurement, Risk Assessment, Risk Management, Strategic Planning, Value Delivery
Management should monitor and evaluate the entity’s control system by reviewing the results generated through cyclical control activities and special evaluations. Cyclical control activities occur at regular intervals, yet they can vary in ambit. Cyclical control activities encompass comparing physical assets with recorded datum, conducting training seminars, as well as examinations by internal and external auditors. Special evaluations can be of varying frequency and ambit. Special evaluations encompass investigating the impact of an irregularity or illegal act. Deficiencies discovered during cyclical control activities are typically reported to the operational manager as well as senior and executive management; while deficiencies found during special evaluations are usually communicated to senior and executive management as well as the entity’s oversight committee (if one exists).
“View Part I of the Not-for-profit Risk Management series here“