Welcome » IT Booklets » Management » IT Risk Management Process » Measure and Monitor » Policy Compliance
Financial institutions should develop, implement, and monitor a process to measure IT compliance with their established policies, standards, and practices. In addition to the traditional reliance upon internal and third party audit functions, financial institutions should perform self-assessments on a periodic basis. The scope and frequency of self- assessments will depend upon the scale and historical performance of the IT function. Self-assessment activities broaden management's perspective by involving a varied audience and by requiring acknowledgement of the results by those involved. The self-assessment process can help identify the need for policy changes and updates.