
RISK IT FRAMEWORK

The Risk IT framework is to be used to help implement IT governance, and enterprises that have adopted (or are planning to adopt) COBIT as their IT governance framework can use Risk IT to enhance risk management.

IT RISK IN BUSINESS TERMS

IT Risk Categories
- IT benefit/value enablement risk - associated with (missed) opportunities to use technology to improve efficiency or effectiveness of business processes, or as an enabler for new business initiatives.
- IT programme and project delivery risk
- IT operations and service delivery

COBIT Information Criteria (Business Requirements for Information)

The COBIT information criteria allow for the expression of business aspects related to the use of IT. They express a condition to which information (in the widest sense), as provided through IT, must conform for it to be beneficial to the enterprise. The business impact of any IT-related event lies in the consequence of not achieving the information criteria. By describing impact in these terms, this remains a sort of intermediate technique, not fully describing business impact, e.g., impact on customers or in financial terms.

COBIT Business Goals and Balanced Scorecard

A further technique is based on the ‘business goals’ concept introduced in COBIT. Indeed, business risk lies in any combination of those business goals not being achieved. The COBIT business goals are structured in line with the four classic balanced scorecard (BSC) perspectives: financial, customer, internal and growth.

Extended BSC Criteria

A variant of the approach described in the previous section, COBIT Business Goals and Balanced Scorecard, goes one step further, linking the BSC dimensions to a limited set of more tangible criteria. The set of criteria described in figure 12 can be used selectively, and the user should be aware that there are still cause-effect relationships included in this table (e.g., customer [dis]satisfaction can impact competitive advantage and/or market share). Usually a subset of these criteria is used to express risk in business terms.

Westerman 4 ‘A’s

Defines IT risk as the potential for an unplanned event involving IT to threaten any of four interrelated enterprise objectives:
1. Agility – possess the capability to change with managed cost and speed.
2. Accuracy – provide correct, timely and complete information that meets the requirements of management, staff, customers, suppliers and regulators.
3. Access – ensure appropriate access to data and systems, so that the right people have the access they need and the wrong people do not.
4. Availability – keep the systems (and their business processes) running, and recover from interruptions.
COSO ERM

Criteria:
1. Strategic
2. Operations
3. Reporting
4. Compliance

FAIR
The FAIR method is security-oriented in origin, but the impact
criteria apply to all IT-related risks.

