Enterprise Risk: Identify, Govern and Manage IT Risk

Article published in IT Magazine 2011/06


A Risk Management Framework addresses many issues enterprises face today, notably their need for:

- An accurate view of current and near-future IT-related risks throughout the extended enterprise, and of how successfully the enterprise is addressing IT risk

- End-to-end guidance on how to manage IT-related risks, beyond both purely technical control measures and security

- Understanding of how to capitalise on an investment made in an IT internal control system already in place to manage IT-related risk

- Integration of IT risk assessment and management with the overall risk and compliance structures within the enterprise

- A common framework/language to help manage the relationship amongst executive decision makers (board/senior management), the chief information officer (CIO) and enterprise risk management, or between auditors and management

- Promotion of risk responsibility and its acceptance throughout the enterprise

- A complete risk profile to better understand risk, so as to better utilise company resources

IT Risk Management Principles

Guiding principles for effective management of IT risk should be based on generally accepted enterprise risk management principles (COSO, ISO 31000 etc.), applied to the domain of IT. ISACA's Risk IT process model is designed and structured to enable enterprises to apply these principles in practice and to benchmark their performance. The principles are split into a governance part and a management part:

- Effective enterprise governance of IT risk:
> Always connects to business objectives
> Aligns the management of IT-related business risk with overall enterprise risk management
> Balances the costs and benefits of managing risk

- Effective management of IT risk:
> Promotes fair and open communication of IT risk
> Establishes the right tone from the top while defining and enforcing personal accountability for operating within acceptable and well-defined tolerance levels
> Is a continuous process and part of daily activities
