IT Examiner School - Oct 2025

10/3/2025

Internal Use Only

How Governance Is Achieved • Through management structure & the Board of Directors • Assignment of responsibilities & authority covering • Central oversight & coordination • Risk assessment & measurement • Monitoring & testing • Reporting • Acceptable residual risk • Establishment of policies, procedures & standards • With at least annual review/approval • Allocation of resources • Monitoring • Accountability

Internal Use Only

Governance Structure Can take many forms depending on size & complexity

Board of Directors

Appropriate Reporting Lines

Management

2