ITGI issues Risk IT Framework for public comment
While COBIT (Control Objectives for Information and related Technology) sets good practices for the means of risk management, the Risk IT Framework sets good practices for the ends by providing a framework for enterprises to identify, govern and (subsequently) manage risk.
The Risk IT Framework explains IT Risk and will enable end users to:
– integrate the management of IT risk into the overall enterprise risk management of the organisation
– make well-informed decisions about the extent of the risk, the risk appetite and the risk tolerance of the enterprise
– understand how to respond to risk
The Risk IT Framework addresses many issues enterprises face today, affording:
– an accurate view of the current and near-future IT-related risks throughout the extended enterprise, and the success with which the enterprise is addressing the risks
– end-to-end guidance on how to manage IT-related risks, beyond both purely technical control measures and security
– an understanding of how to capitalise on an investment made in an IT internal control system already in place to manage IT-related risk
– when assessing and managing IT risk, integration with the overall risk and compliance structures within the enterprise
– a common framework/language to help manage the relationships among executive decision-makers (Board members/senior management), the chief information officer (CIO) and enterprise risk management or between auditors and management
– promotion of risk responsibility and its acceptance throughout the enterprise
– a complete risk profile to better understand risk, so as to better use company resources
Senior executives and Boards of Directors
The Risk IT Framework is designed for top executives and Boards of Directors who need to set direction and monitor risk at the enterprise level. It’s also aimed at managers of IT and business departments who need to define risk management processes, risk management professionals craving specific IT risk guidance and external Stakeholders.
The IT Risk Framework boasts nine business processes divided into three domains: risk governance, risk evaluation and risk response. It also offers management guidelines, RACI (Responsible, Accountable, Consulted and Informed) charts, maturity models and goals and metrics.
As the Risk IT initiative evolves, it will include practitioner guidance, case studies and supporting materials. Additional information is available by clicking on the dedicated web link provided on the right hand panel of this page.
The IT Governance Institute is a non-profit making independent research entity that provides guidance for the global business community on issues related to the governance of IT assets. The organisation was established by the non-profit membership association ISACA in 1998 to help executives and IT professionals ensure that IT delivers value, and that its risks are mitigated through alignment with enterprise objectives, IT resources are properly managed and IT performance is measured.
IT governance responsibilities
The Institute developed COBIT and Val IT, and offers original research and Case Studies to help enterprise leaders and Boards of Directors fulfil their IT governance responsibilities. At the same time, it helps IT professionals deliver value-adding services.
Comments on Enterprise Risk: Identify, Govern and Manage IT Risk: The Risk IT Framework (Risk IT) will be accepted up and until 13 March at www.itgi.org (again, the link is provided)
ITGI issues Risk IT Framework for public comment
While COBIT (Control Objectives for Information and related Technology) sets good practices for the means of risk management, the Risk […]
IFSEC Insider
IFSEC Insider | Security and Fire News and Resources