
Include enterprise architecture in the Governance, Risk, and Compliance framework.


CONTROL ID: 13266
CONTROL TYPE: Establish/Maintain Documentation
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a Governance, Risk, and Compliance framework. (CC ID: 01406)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Establish an IT architecture board to provide architecture guidelines and advice on their application, and to verify compliance. This entity should direct IT architecture design, ensuring that it enables the business strategy and considers regulatory compliance and continuity requirements. This is r… (PO3.5 IT Architecture Board, CobiT, Version 4.1)
  • Architectural designs and integration across the entity. (App A Objective 2:4a Bullet 1, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • In larger or more complex entities, determine whether management considered using EA to align its architecture with the entity's strategic plans and business functions. Describe management's implementation of EA and use of architecture frameworks, if appropriate. Regardless of entity size, determine… (App A Objective 12:6, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Evaluation of architecture, including the entity's current architecture and whether it meets enterprise-wide business and strategic plan objectives. (App A Objective 2:5c, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Financial institution boards of directors should oversee, while senior management should implement, a governance structure that includes the following: - Effective IT governance. - Appropriate oversight of IT activities. - Comprehensive IT management, including the various roles played by management… (I Governance, FFIEC Information Technology Examination Handbook - Management, November 2015)