... governance function requires active management participation, the proper forum to make IT related decisions, and effective communication between the IT organization and the company's management ... for risk, understanding of compliance requirements, transparency about the significant risks to the enterprise and embedding of risk management responsibilities into the IT organization. 5.0 ... segregation, recovery/data availability, change management, user provisioning and de-provisioning, personnel practices, incident response plans, and investigative/management support, as well as the issues...