IT Examiner School, Palm Springs, CA

Effective Governance Practices

• There are a variety of ways our financial institutions can achieve effective Governance practices, but policies, procedures, and standards are often the foundation. Policies, procedures, and standards should:
– Be designed, approved, and implemented enterprise-wide
– Provide appropriate guidance and standards for ALL current IT activities
– Be tailored to the organization’s unique characteristics
– Conform to regulatory guidance and/or legal standards
– Provide for appropriate employee awareness training
– Be reviewed and approved annually by the Board & documented in the Board minutes (Policies—not always procedures/standards)

Board and Management Responsibilities

• Planning involves identifying short- and long-term strategies for achieving goals.
• Directing refers to the establishment of policies, standards, and procedures that describe how the business will meet its goals.
• Organizing involves establishing the personnel practices (e.g., recruiting, staffing, and training) that are needed to meet the defined business goals.
• Controlling refers to management's ability to manage the institution's IT activities in order to reduce and/or prevent risk. Note that proper planning, directing, and organizing are controls in and of themselves.
