IT Governance, Risk, and Compliance

Apr 29 2011   8:28PM GMT

Right-sizing IT Controls – Part VII

Robert Davis Robert Davis Profile: Robert Davis

An entity’s controlling and monitoring activities should reflect management’s strategy for ensuring an adequate IT control system. Consequently, IT policies, directives, standards, procedures, and rules should have a one-to-one or one-to-many correspondence with the assessed effectiveness and efficiency in addressing managements risk appetite. Within this context, IT control policies and directives are commonly considered high-level governance documentation while standards, procedures, and rules are commonly considered detail-level governance documentation. Since IT managers plan, direct, and support technology deployments; an IT manager’s duties should include establishing departmental policies, procedures, and standards for ensuring the right-sizing of IT controls.

View Part I of the Right-sizing IT Controls series here

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: