OR-01 IT Operations & Resilience

IT Governance & Oversight

Technology is governed with clear accountability.

Domain: IT Operations & Resilience
Control type: Preventive/Detective
Automated / manual: Manual
Frequency: Periodic
Framework reference: COBIT EDM; MAS TRM – Governance

What good looks like

An IT governance structure operates under a charter with regular meetings.

Risk if it fails

Misaligned, unaccountable IT decisions.

How Tess tests it

2 tests — each concludes only on cited evidence.

Governance charter/committee defined

Design

Procedure: Inspect the charter.
Expected: Charter exists with remit.
Sample: 1 (design inspection)
Evidence: Charter, committee minutes.

Committee met & exercised oversight

Operating

Procedure: Inspect minutes for the period.
Expected: Active oversight evidenced.
Sample: Judgmental, by population (e.g. 10–25)
Evidence: Charter, committee minutes.

Evidence Tess looks for

Charter, committee minutes.

More in IT Operations & Resilience

OR-02 IT & Information Security Policies OR-03 IT Risk Assessment OR-04 Asset & Configuration Management OR-05 Regulatory & Compliance Monitoring

Want Tess to test OR-01 against your evidence?