ISACA, "The Risk IT Framework"
English | 2009 | ISBN: 1604201118 | PDF | pages: 107 | 4.4 mb
Risk IT is a set of proven, real-world practices that helps enterprises achieve their goals, seize opportunities and seek greater return with less risk. It works at the intersection of business and IT and allows enterprises to manage and even capitalize on risk in the pursuit of their objectives. It extends COBIT, the globally recognized IT governance framework, and saves time, cost and effort by providing enterprises with a way to focus effectively on IT-related business risk areas, including risks related to late project delivery, compliance, misalignment, obsolete IT architecture and IT service delivery problems.
The Risk IT Framework provides a set of guiding principles and supporting practices for enterprise management, combined to deliver a comprehensive process model for governing and managing IT risk. For users of COBIT and Val IT, this process model will look familiar. Guidance is provided on the key activities within each process, responsibilities for the process, information flows between processes and performance management of each process. The model is divided into three domains (Risk Governance, Risk Evaluation and Risk Response), each containing three processes:
Risk Governance
- Establish and maintain a common risk view
- Integrate with enterprise risk management
- Make risk-aware business decisions
Risk Evaluation
- Collect data
- Analyze risk
- Maintain risk profile
Risk Response
- Articulate risk
- Manage risk
- React to events