Back

Identify and document the events that initiate the decision management strategy.


CONTROL ID
06914
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Detective

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a decision management strategy., CC ID: 06913

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • In this regard it is necessary to ascertain whether all the safeguards initially derived from the requirements can be afforded. If there are safeguards that are not economical, alternative safeguards for fulfilling such requirements should be considered. There are many possible solutions also regard… (§ 9.2 ¶ 2, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
  • The board of directors retains oversight responsibility for management’s design, implementation, and conduct of internal control: – Control Environment — Establishing integrity and ethical values, oversight structures, authority and responsibility, expectations of competence, and accountabilit… (§ 3 Principle 2 Points of Focus: Provides Oversight for the System of Internal Controls, COSO Internal Control - Integrated Framework (2013))
  • The organization shall identify the events that initiates the decision-making process. (§ 6.3.3.3(a)(2), ISO 15288-2008 Systems and software engineering - System life cycle processes, R 2008)
  • The organization should implement the risk management framework by: - developing an appropriate plan including time and resources; - identifying where, when and how different types of decisions are made across the organization, and by whom; - modifying the applicable decision-making processes wher… (§ 5.5 ¶ 1, ISO 31000 Risk management - Guidelines, 2018)
  • recognizing and identifying the dilemma; (§ 6.7.3.4 ¶ 2 a), ISO 37000:2021, Governance of organizations — Guidance, First Edition)
  • Data and information provided to the board and senior management allow them to make strategic decisions. (App A Objective 3:6 c., FFIEC Information Technology Examination Handbook - Management, November 2015)