Policy Compliance
Financial institutions should develop, implement, and monitor a
process to measure IT compliance with their established policies,
standards, and practices. In addition to the traditional reliance
upon internal and third-party audit functions, financial
institutions should perform self-assessments on a periodic basis.
The scope and frequency of self-assessments will depend upon the
scale and historical performance of the IT function.
Self-assessment activities broaden management's perspective by
involving a varied audience and by requiring acknowledgement of the
results by those involved. The self-assessment process can help
identify the need for policy changes and updates.