Presentation is loading. Please wait.

Presentation is loading. Please wait.

©2009 ISACA/ITGI. All rights reserved.. ISACA At-a-Glance Founded in 1969; non-profit, independent association that helps members achieve greater trust.

Published byHenry Castleton Modified over 10 years ago

Similar presentations

Presentation on theme: "©2009 ISACA/ITGI. All rights reserved.. ISACA At-a-Glance Founded in 1969; non-profit, independent association that helps members achieve greater trust."— Presentation transcript:

1 ©2009 ISACA/ITGI. All rights reserved.

2 ISACA At-a-Glance Founded in 1969; non-profit, independent association that helps members achieve greater trust in, and value from, their information systems More than 86,000 constituents in 160 countries More than 180 chapters worldwide Sponsors international conferences and education Publishes original research Develops international IS audit and control standards Offers CISA, CISM and CGEIT certifications Developed and continually updates the C OBI T, Val IT and Risk IT frameworks, which help professionals and enterprise leaders fulfil their IT governance responsibilities and deliver value to their business

3 ©2009 ISACA/ITGI. All rights reserved. Risk IT A Balance is Essential Risk and value are two sides of the same coin Risk is inherent to all enterprises But… Need to ensure opportunities for value creation are not missed by trying to eliminate all risk

4 ©2009 ISACA/ITGI. All rights reserved. Risk IT Why Care About IT-related Risk? Enterprises are dependent on automation and integration Need to cross IT silos of risk management Important to integrate with existing levels of risk management practices

5 ©2009 ISACA/ITGI. All rights reserved. Risk IT Manage and Capitalise on Business Risk Enterprises achieve return by taking risks Some try to eliminate the very risks that drive profit Guidance was needed on how to manage risk effectively

6 ©2009 ISACA/ITGI. All rights reserved. Risk IT Includes The Risk IT Framework Summary + Core Framework Helps convey the risk landscape and processes and prioritise activities Available as a free download to all The Risk IT Practitioner Guide Provides practical guidance on improving risk management activities Available as a free download for ISACA members only Both publications are available for purchase in print version www.isaca.org/riskit

7 ©2009 ISACA/ITGI. All rights reserved. Risk IT Risk IT is the first global IT-related risk guidance to provide a comprehensive view of business risks related to IT initiatives. Risk IT helps enterprises manage risk to achieve goals, seize opportunities and seek greater return. Although it is based on, and extends C OBI T, Risk IT provides excellent stand- alone guidance. C OBI T is a Rosetta Stone to other guidance. Risk IT helps integrate other generic and domain-specific risk management standards and practices. Risk IT comes from ISACA, whose volunteers produce living guidance.

8 ©2009 ISACA/ITGI. All rights reserved. Extends C OBI T and Val IT Risk IT complements and extends C OBI T and Val IT to make a more complete IT governance guidance resource.

9 ©2009 ISACA/ITGI. All rights reserved. Risk IT Developed by ISACA International Experts IT and business leaders from around the world who are members of ISACA volunteered thousands of hours to share their expertise The development team provided an exposure draft, which resulted in 1,700 SME and public comments

10 ©2009 ISACA/ITGI. All rights reserved. Risk IT IT-related Risk Management Risk IT is not limited to information security. It covers all IT-related risks, including: Late project delivery Not achieving enough value from IT Compliance Misalignment Obsolete or inflexible IT architecture IT service delivery problems

11 ©2009 ISACA/ITGI. All rights reserved. Risk IT Unique to the Marketplace Provides a balanced view of an enterprises IT- related business risks: Brings together all aspects of IT risk, including value, change, availability, security, project and recovery Links with enterprisewide risk management concepts and approaches, such as COSO ERM, ARMS and ISO 31000 Other standards and frameworks are either too generic (e.g., ERM-oriented) or too focused on one aspect (e.g., IT security) (see next slide) Offers a single, comprehensive view of IT-related business risks, which can cost companies millions annually in lost revenues and opportunities

12 ©2009 ISACA/ITGI. All rights reserved. Where Risk IT Fits In Standards and frameworks are available, but are either too: –Generic enterprise risk management oriented –IT security oriented No comprehensive IT- related risk framework available (until now)

13 ©2009 ISACA/ITGI. All rights reserved. Risk IT What it Offers Provides guidance to help executives and management ask the key questions, make better, more informed risk-adjusted decisions and guide their enterprises so risk is managed effectively Helps save time, cost and effort with tools to address business risks Integrates the management of IT-related business risks into overall enterprise risk management Helps leadership understand the enterprises risk appetite and risk tolerance Provides practical guidance driven by the needs of enterprise leadership around the world

14 ©2009 ISACA/ITGI. All rights reserved. Risk IT Who Benefits from Risk IT? All enterprises that use IT, whether one-person shops or multinational conglomerates Can be customised for any type of enterprise in any geographic location Specifically: Boards and executive management; C-suiteIT security managers Corporate and operational risk managersEnterprise governance officers IT managementBusiness managers IT service managersIT and external auditors Regulators

15 ©2009 ISACA/ITGI. All rights reserved. Risk IT Practitioner-driven Requirements Developed to fill the needs of enterprise leaders Functional Requirements Link to business risk management approaches Use an end-to end business process performance approach Integrate silos of technology risk management Non-functional/Ease of Use Requirements Practical stand-alone guidance; extends C OBI T and Val IT Continuous process model, supported by maturity models and practical tools Includes a framework and good practice guidance

16 ©2009 ISACA/ITGI. All rights reserved. Risk IT Guiding Principles of Risk IT Always connect to enterprise objectives Align the management of IT-related business risk with overall enterprise risk management Balance the costs and benefits of managing risk Promote fair and open communication of IT risk Establish the right tone from the top while defining and enforcing personal accountability for operating within acceptable and well- defined tolerance levels Understand that this is a continuous process and an important part of daily activities

17 ©2009 ISACA/ITGI. All rights reserved. The What The Risk IT Framework Key Content Risk management essentials In Risk Governance: Risk appetite & tolerance, responsibilities and accountability for IT risk management, awareness and communication, and risk culture In Risk Evaluation: Describing business impact and risk scenarios In Risk Response: Key risk indicators (KRI) and risk response definition and prioritisation Section on how Risk IT extends and enhances C OBI T and Val IT Note: Risk IT does not require the use of C OBI T or Val IT. Each process model section: Descriptions Input-output tables RACI (Responsible, Accountable, Consulted, Informed) table Goals and Metrics Table Maturity model is provided for each domain Appendices Reference materials High-level comparison of Risk IT to other risk management frameworks and standards Glossary

18 ©2009 ISACA/ITGI. All rights reserved. Risk ITs Three Domains

19 ©2009 ISACA/ITGI. All rights reserved. Risk IT Essentials of the Three Domains Risk Governance Responsibility and accountability for risk Risk appetite and tolerance Awareness and communication Risk culture

20 ©2009 ISACA/ITGI. All rights reserved. Risk IT Essentials of the Three Domains Risk Evaluation Risk scenarios Business impact descriptions

21 ©2009 ISACA/ITGI. All rights reserved. Risk IT Essentials of the Three Domains Risk Response Key risk indicators (KRIs) Risk response definition and prioritisation

22 ©2009 ISACA/ITGI. All rights reserved. The How The Risk IT Practitioner Guide Key Content Review of the Risk IT process model Risk IT to C OBI T and Val IT How to use it 1.Define a risk universe and scoping risk management 2.Risk appetite and risk tolerance 3.Risk awareness, communication and reporting: includes key risk indicators, risk profiles, risk aggregation and risk culture 4.Express and describe risk: guidance on business context, frequency, impact, C OBI T business goals, risk maps, risk registers 5.Risk scenarios: includes capability risk factors and environmental risk factors 6.Risk response and prioritisation 7.A risk analysis workflow: swim lane flow chart, including role context 8.Mitigation of IT risk using C OBI T and Val IT Mappings: Risk IT to other risk management standards and frameworks Glossary

23 ©2009 ISACA/ITGI. All rights reserved. Risk Response Definition The purpose of defining a risk response is to bring risk in line with the defined risk tolerance for the enterprise after due risk analysis. In other words, a response needs to be defined such that future residual risk (=current risk with the risk response defined and implemented) is as much as possible (usually depending on budgets available) within risk tolerance limits.

24 ©2009 ISACA/ITGI. All rights reserved. Risk IT Benefits and Outcomes Accurate view on current and near-future IT-related events End-to-end guidance on how to manage IT-related risks Understanding of how to capitalise on the investment made in an IT internal control system already in place Integration with the overall risk and compliance structures within the enterprise Common language to help manage the relationships Promotion of risk ownership throughout the organisation Complete risk profile to better understand risk

25 ©2009 ISACA/ITGI. All rights reserved. Questions? ISACA Thank You! 3701 Algonquin Road, Suite 1010 Rolling Meadows, IL 60008 USA Phone: +1.847.253.1545 Fax: +1.847.253.1443 info@isaca.org www.isaca.org

Download ppt "©2009 ISACA/ITGI. All rights reserved.. ISACA At-a-Glance Founded in 1969; non-profit, independent association that helps members achieve greater trust."

Similar presentations

A presentation for CIOs. What are the biggest challenges that face a modern CIO? (Lets list them…)

A presentation for CIOs. What are the biggest challenges that face a modern CIO? (Lets list them…)
1 2009 ISACA All rights reserved. Unlocking the Value of Technology Investments Speaker Name/Title Date.

ISACA All rights reserved. Unlocking the Value of Technology Investments Speaker Name/Title Date.
COBIT 5 and GRC Date.

COBIT 5 and GRC Date.
ISACA Guidance and Practices Committee

ISACA Guidance and Practices Committee
IT Governance Framework

IT Governance Framework
Lisanne Sison Director ERM Bickmore

Lisanne Sison Director ERM Bickmore
IMFO Audit & Risk Indaba June 2012

IMFO Audit & Risk Indaba June 2012
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
Www.isaca-malta.org Roger Southgate Past President of ISACA London Chapter Member of the BSI Committees for Service Management and IT Governance Leader.

Roger Southgate Past President of ISACA London Chapter Member of the BSI Committees for Service Management and IT Governance Leader.
By Collin Smith http://techinitiatives.blogspot.com COBIT Introduction By Collin Smith http://techinitiatives.blogspot.com.

By Collin Smith COBIT Introduction By Collin Smith
1 Transforming Enterprise IT Speaker Name/Title Date.

1 Transforming Enterprise IT Speaker Name/Title Date.
Enterprise IT Governance with COBIT – Part V

Enterprise IT Governance with COBIT – Part V
Enterprise Risk Management in DHHS

Enterprise Risk Management in DHHS
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Security Policies and Implementation Issues.

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Security Policies and Implementation Issues.
Victorian Managed Insurance Authority APCO Presentation – Risk Management in the VPS Jonathon Masom – Risk Management Adviser.

Victorian Managed Insurance Authority APCO Presentation – Risk Management in the VPS Jonathon Masom – Risk Management Adviser.
Systemise your compliance management Peter Scott Consulting www.peterscottconsult.co.uk.

Systemise your compliance management Peter Scott Consulting
The ISO 9000 family of standards

The ISO 9000 family of standards
PAINTING THE FULL PICTURE

PAINTING THE FULL PICTURE
COBIT 5: Framework, BMIS, Implementation and future Information Security Guidance Presented by.

COBIT 5: Framework, BMIS, Implementation and future Information Security Guidance Presented by.
COBIT® 5 for Risk Introduction

COBIT® 5 for Risk Introduction

Similar presentations

Ads by Google