III.D.4 Policy Compliance
Management should develop, implement, and monitor a process to
measure IT compliance with the institution's established policies.
In addition to the traditional reliance on internal and third-party
audit functions, the institution should perform periodic
self-assessments. The scope and frequency of self-assessments
depend on the scale and historical performance of the IT function.
Self-assessments provide management with an understanding of
whether the institution is in compliance with the policies approved
by the board.