Welcome » IT Booklets » Management » IT Risk Management Process » IT Controls Implementation
Financial institution management should implement satisfactory control practices as part of its overall IT risk mitigation strategy. These practices should include:
This section provides guidelines for controls that will reduce risk when effectively implemented. These guidelines are applicable to both in-house and external provider situations. The financial institution should review and assess external provider practices for consistency with these guidelines. Identified gaps represent increased risk, which management should mitigate before establishing a formal relationship.