Document the organization's business processes., CC ID: 13035
Establish, implement, and maintain a Governance, Risk, and Compliance framework., CC ID: 01406
Establish, implement, and maintain system administration procedures., CC ID: 16481
Establish, implement, and maintain a Service Management System., CC ID: 13889
Establish, implement, and maintain a network management program., CC ID: 13123
Establish, implement, and maintain an Asset Management program., CC ID: 06630
Establish, implement, and maintain a customer service program., CC ID: 00846
Establish, implement, and maintain an Incident Response program., CC ID: 00579
Establish, implement, and maintain a performance management standard., CC ID: 01615
Establish, implement, and maintain a collection management program., CC ID: 14013
Perform automated processes according to business requirements., CC ID: 14325
Establish, implement, and maintain an accounting system., CC ID: 08950
Provide language analysis support, as necessary., CC ID: 14084
Establish, implement, and maintain a Service Level Agreement framework., CC ID: 00839
Establish, implement, and maintain a cost management program., CC ID: 13638
Establish, implement, and maintain a change control program., CC ID: 00886
Establish, implement, and maintain a disability accessibility program., CC ID: 06191
Establish, implement, and maintain production process control procedures., CC ID: 06209
Document the organization's local environments., CC ID: 06726
Manage the creation of products and services, as necessary., CC ID: 13497
Establish and maintain a service catalog., CC ID: 13634
Introduce randomness into organizational operations and assets., CC ID: 10650
Conduct official proceedings, as necessary., CC ID: 13836
Establish, implement, and maintain a claims management system., CC ID: 14336
Establish, implement, and maintain a registration database., CC ID: 15048
Establish, implement, and maintain an artificial intelligence system., CC ID: 14943
Establish, implement, and maintain a declaration of conformity., CC ID: 15038
Establish, implement, and maintain an environmental management system., CC ID: 14945
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
App 2-1 Item Number IV.1(2): The operational management rules must be based on the operation management design. This is a control item that constitutes a greater risk to financial information. This is an IT general control.
App 2-1 Item Number IV.2(3): The organization must ensure operations are sta… (App 2-1 Item Number IV.1(2), App 2-1 Item Number IV.2(3), Appendix 1 Correspondence of the System Management Standards - Supplementary Edition to other standards)
Standard § I.1 ¶ 2: Management is required to design and effectively operate processes and ensure all internal controls are in place.
Practice Standard § I.5(1): Management should ensure it properly understands the IT environment and uses IT effectively and efficiently.
Practice Standard § III.… (Standard § I.1 ¶ 2, Practice Standard § I.5(1), Practice Standard § III.4(2)[2].B.b, On the Setting of the Standards and Practice Standards for Management Assessment and Audit concerning Internal Control Over Financial Reporting, Provisional Translation)
O45: For head and branch offices and affiliated channels in retail stores and distribution outlets, the organization shall establish operational management methods for smooth operations and take precautions against illicit withdrawals to ensure the security of CDs/ATMs and unmanned branches.
O45.2: … (O45, O45.2, T16, FISC Security Guidelines on Computer Systems for Banking and Related Financial Institutions, 7th Edition)
The organization should develop a framework for managing risk that should cover the organization's appetite and tolerance for risk. (¶ 737, Basel II: International Convergence of Capital Measurement and Capital Standards - A Revised Framework)
A data management review should be performed and should, at a minimum, consider the management of data. (App A.4 (Recommendations for Data Management), IIA Global Technology Audit Guide (GTAG) 4: Management of IT Auditing)
The organization must ensure that all operations associated with the identified significant risks and consistent with the organizational resilience management policy, impact analysis, risk assessment, targets, and objectives are identified and planned to ensure they are being executed under specific… (§ 4.4.6, Organizational Resilience: Security, Preparedness, and Continuity Management Systems -- Requirements with Guidance for Use, ASIS SPC.1-2009)
Successful ICT. An organization should include the following activities within security management; Planning, Implementation, and Operations and maintenance. (§ 6.1, ISO 13335-1 Information technology - Security techniques - Management of information and communications technology security - Part 1: Concepts and models for information and communications technology security management, 2004)
Organizational personnel should review the implementation, configuration, and management of the system, infrastructure, and procedures to ensure they are consistent with the organization's privacy policies. If any inconsistencies are identified, they should be corrected in a timely manner. (ID 1.2.4, AICPA/CICA Privacy Framework)
Interview management and review the operations information request to identify:
⪠Any significant changes in business strategy or activities that could affect the operations environment;
⪠Any material changes in the audit program, scope, or schedule related to operations; ⪠Changes to interna… (Exam Tier I Obj 1.3, FFIEC IT Examination Handbook - Operations, July 2004)
