Posted by: Robert Davis
Control Environment, Control Evaluation, Control Processes, Control System, Governance Tree, Internal Control Systems, IT Controls, IT Governanace, IT Management, Risk Management, Roles and Responsibilities
An entity’s controlling and monitoring activities should reflect management’s strategy for ensuring an adequate IT control system. Consequently, IT policies, directives, standards, procedures, and rules should have a one-to-one or one-to-many correspondence with the assessed effectiveness and efficiency in addressing managements risk appetite. Within this context, IT control policies and directives are commonly considered high-level governance documentation while standards, procedures, and rules are commonly considered detail-level governance documentation. Since IT managers plan, direct, and support technology deployments; an IT manager’s duties should include establishing departmental policies, procedures, and standards for ensuring the right-sizing of IT controls.
“View Part I of the Right-sizing IT Controls series here“