CobiT definition:
A risk management framework is created and maintained. The framework documents a common and agreed-upon level of IT risks, mitigation strategies and residual risks. Any potential impact on the goals of the organisation caused by an unplanned event is identified, analysed and assessed. Risk mitigation strategies are adopted to minimise residual risk to an accepted level. The result of the assessment is understandable to the stakeholders and expressed in financial terms, to enable stakeholders to align risk to an acceptable level of tolerance.
Control over the IT process of
Assess and manage IT risks
that satisfies the business requirement for IT of
analysing and communicating IT risks and their potential impact on business processes and goals
by focusing on
development of a risk management framework that is integrated in business and operational risk management frameworks, risk assessment, risk mitigation and communication of residual risk
is achieved by
- Ensuring that risk management is fully embedded in management processes, internally and externally, and consistently applied
- Performing risk assessments
- Recommending and communicating risk remediation action plans
and is measured by
- Percent of critical IT objectives covered by risk assessment
- Percent of identified critical IT risks with action plans developed
- Percent of risk management action plans approved for implementation
Control objectives:
PO9 Assess and Manage IT Risks
PO9.1 IT Risk Management Framework
PO9.2 Establishment of Risk Context
PO9.3 Event Identification
PO9.4 Risk Assessment
PO9.5 Risk Response
PO9.6 Maintenance and Monitoring of a Risk Action Plan