Enterprise Risk: Identify, Govern and Manage IT Risk


4 June 2011 - ISACA’s research publications «The Risk IT Framework» & «Risk IT Practitioner Guide» are dedicated to helping enterprises manage IT-related risk.
Article published in IT Magazine 2011/06
By Urs Fischer, Swiss Certified Public Accountant, CRISC, CISA, Fischer IT GRC Beratung & Schulung

«IT risk», as defined by the «Risk IT Framework», is the business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise.

IT risk consists of IT-related events that could potentially impact the business. It is characterised by both uncertain frequency and magnitude, and it creates challenges in meeting strategic goals and objectives as well as uncertainty in the pursuit of opportunities. IT risk can be categorised as (refer to Figure 1):

- IT service delivery risk, which is associated with the performance and availability of IT services

- IT solution delivery/benefit realisation risk, which is associated with the contribution of IT to new or improved business solutions, usually in the form of projects and programmes

- IT benefit realisation risk, which is associated with (missed) opportunities to use technology to improve efficiency or effectiveness of business processes, or to use technology as an enabler for new business initiatives

IT risk always exists, whether or not it is detected or recognised by an organisation.

Figure 1 – IT Risk Categories
Figure 2 – Risk Analysis and Risk Response Overview
Figure 3 – IT Risk Scenario Development
Figure 4 – IT Risk Scenario Components

IT Risk Management Objectives

As risk management is a pervasive and strategic requirement in any enterprise, the main objectives of an IT Risk Management Framework are to enable users to:

- Integrate the management of IT risk into the overall enterprise risk management of the organisation

- Make well-informed decisions about the extent of the risk, the risk appetite and the risk tolerance of the enterprise

- Understand how to respond to the risk

In summary, Risk Management allows an enterprise to make appropriate risk-adjusted decisions.