
Establish, implement, and maintain a succession plan for organizational leaders and support personnel.


CONTROL ID: 11822
CONTROL TYPE: Human Resources Management
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a personnel management program., CC ID: 14018

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Roles and responsibilities, including requirements for the qualification of the personnel and the establishment of substitution arrangements (Section 5.2 SA-01 Basic requirement ¶ 1 Bullet 3, Cloud Computing Compliance Controls Catalogue (C5))
  • Take expedient actions regarding job changes, especially job terminations. Knowledge transfer should be arranged, responsibilities reassigned and access rights removed such that risks are minimised and continuity of the function is guaranteed. (PO7.8 Job Change and Termination, CobiT, Version 4.1)
  • Senior management and the board of directors develop contingency plans for assignments of responsibility important for internal control. (§ 3 Principle 4 Points of Focus: Plans and Prepares for Succession, COSO Internal Control - Integrated Framework (2013))
  • succession planning for the critical roles in the organization, including emergency succession arrangements; (§ 6.3.3.2.2 ¶ 2 f), ISO 37000:2021, Governance of organizations — Guidance, First Edition)
  • Senior management and the board of directors develop contingency plans for assignments of responsibility important for internal control. (CC1.4 ¶ 3 Bullet 4 Plans and Prepares for Succession, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus – 2022))
  • To prepare for succession, the board of directors and management must develop contingency plans for assigning responsibilities important to enterprise risk management. In particular, succession plans for key executives need to be defined, and succession candidates should be trained, coached, and men… (Preparing for Succession ¶ 1, Enterprise Risk Management - Integrating with Strategy and Performance, June 2017)
  • Senior management and the board of directors develop contingency plans for assignments of responsibility important for internal control. (CC1.4 Plans and Prepares for Succession, Trust Services Criteria)
  • Senior management and the board of directors develop contingency plans for assignments of responsibility important for internal control. (CC1.4 ¶ 3 Bullet 4 Plans and Prepares for Succession, Trust Services Criteria, (includes March 2020 updates))
  • Staff and management succession plans; (TIER II OBJECTIVES AND PROCEDURES Testing Strategy Objective 1: Event Scenarios 1 Bullet 6, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Internal reorganizations. (App A Objective 1:3 i., FFIEC Information Technology Examination Handbook - Management, November 2015)
  • There are provisions for management succession that provide for an acceptable transition in the event of the loss of a key IT manager or staff member. (App A Objective 5:2 a., FFIEC Information Technology Examination Handbook - Management, November 2015)
  • The level of planning for management succession; (TIER II OBJECTIVES AND PROCEDURES A.1 Bullet 6, FFIEC IT Examination Handbook - Audit, April 2012)