Board of Directors and Senior Management
Senior management and the board of directors are responsible for ensuring IT operates in a safe, sound, and efficient manner throughout the institution. Because information systems-whether centralized or distributed-are tightly interconnected and highly interdependent, failure to adequately supervise any part of the IT environment can heighten potential risks for all elements of IT operations and the business as a whole. As a result, the board and senior management should coordinate IT controls throughout the institution's operating environment including all outsourcing and third-party arrangements.
Although senior management and the board can delegate implementation and oversight of daily operations to information technology management, they have final responsibility for safe, sound, controlled, and efficient operations. Consequently, the board and senior management are responsible for understanding the risks associated with existing and planned IT operations, determining the risk tolerance of the institution, and establishing and monitoring policies for risk management. The board and senior management are also responsible for strategic technology planning, which is critical to effective IT governance. The IT Handbook's "Management Booklet" addresses the role of senior management and the board.
Roles and Responsibilities