
RISK MANAGEMENT IN COBIT 5

Chapter 1
Concepts of Governance and Management of Information Systems
Risk Management

There are various sources of risk:

Commercial and legal relationships
Economic circumstances
Human behavior
Technology and Technical Issues
Political Circumstances
Natural Events
Management activities and controls
Individual activities

Characteristics of Risks

Risk has two main characteristics. First, loss potential: a loss that can occur as the result of a threat. Second, uncertainty of loss, expressed in terms of the probability of such a loss and the likelihood of a threat agent carrying out a specific attack against a particular system.

There are various risk-related terms which I think you can read from the study material provided by ICAI.

RISK MANAGEMENT IN COBIT 5

As already discussed in the previous post, COBIT 5 has governance processes and management processes.

Here, the governance process ensures risk optimization (i.e. risk is managed at an optimal level that is acceptable to the company, given the cost of managing it), while the management domain process actually manages the risk.

Governance Process = Ensure Risk Optimization

This process provides guidance on how to ensure that IT-related risk does not exceed the risk appetite and risk tolerance. It ensures that the enterprise risk appetite and tolerance are understood, articulated and communicated, and that risk to the enterprise is identified.

WHY understand, articulate, identify and communicate risk appetite?

Because without this, the guidance above cannot be given.

i.e. in the governance domain only guidance is given on how to reduce risk; the actual action is taken in the management domain only.

Management Domain Process = Manage Risk, i.e. continually identifying, assessing and reducing IT-related risk within tolerance levels. Here the action is taken.

In COBIT 5, management of IT-related risk is integrated with overall enterprise risk management, and the costs and benefits of managing IT-related enterprise risk are balanced.

In short, the governance and management processes together ensure that risk is managed.

Key Governance Practices for Evaluating Risk Management (very important)

1.) Evaluate Risk Management

a.) Consider whether the enterprise risk appetite is appropriate.
b.) Consider whether the risks to enterprise value related to the use of IT are identified and managed.

i.e. here we only have to consider (form an opinion); no action is taken yet.

2.) Direct Risk Management

Direct (here the word direct means to give direction) the establishment of risk management practices, to provide reasonable assurance that IT risk management practices are appropriate and that the actual IT risk does not exceed the board's risk appetite.

3.) Monitor Risk Management

Monitor the key goals of the risk management process and establish how deviations or problems will be identified, tracked and reported for remediation.

Key Management Practices for Implementing Risk Management

1.) Collect Data: for risk identification and analysis.
2.) Analyze Risk: develop useful information from the collected data to support the decisions that will be made to minimize risk.
3.) Maintain a Risk Profile: essentially a risk inventory, recording for each risk its expected frequency, its potential loss and the possible responses.
4.) Articulate Risk: communicate risk to all required stakeholders.
5.) Define a Risk Management Action Portfolio: essentially the risk management strategies, i.e. the set of responses chosen for the risks in the profile.
6.) Respond to Risk: in a timely manner, with effective measures to reduce the magnitude of loss.
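To make the six management practices concrete, here is an added example (not code from the original post, ICAI material or COBIT 5 itself) of a minimal IT risk register that walks through them and then performs the governance check that residual risk stays within tolerance and appetite. It assumes, beyond what the page states, that a risk's expected annual loss is its expected frequency per year multiplied by the loss per occurrence (the page only says a risk has a loss potential and an uncertainty expressed as a probability; this is one common way to combine the two), that tolerance applies per risk and appetite to the total, and that the usual response names (avoid, mitigate, transfer, accept) are used where the page says only "various responses". All risks, the tolerance and appetite figures and the control effectiveness value are constructed sample data.

```python
"""Added example, not the original post's code: a small IT risk register that
follows the six COBIT 5 management practices for managing risk.

Assumptions (not from the page): expected annual loss = frequency per year x
loss per event; tolerance is a per-risk limit and appetite a total limit; the
response names are the usual avoid / mitigate / transfer / accept. Every figure
below is constructed sample data.
"""
from dataclasses import dataclass


@dataclass
class Risk:
    name: str
    threat_agent: str
    frequency_per_year: float   # expected occurrences per year (likelihood)
    loss_per_event: float       # loss magnitude per occurrence, currency units
    response: str = "undecided"  # avoid, mitigate, transfer or accept

    @property
    def expected_loss(self) -> float:
        """Annual expected loss under the frequency x magnitude assumption."""
        return self.frequency_per_year * self.loss_per_event


# Constructed governance inputs: per-risk tolerance and total risk appetite.
TOLERANCE = 60_000.0
APPETITE = 150_000.0

# Constructed control effectiveness: fraction by which a control cuts frequency
# (e.g. tested offline backups plus endpoint detection for ransomware).
CONTROLS = {"Ransomware on file servers": 0.8}


def collect_data() -> list[Risk]:
    """Practice 1: gather the raw risk data (constructed sample entries)."""
    return [
        Risk("Ransomware on file servers", "criminal group", 0.5, 400_000.0),
        Risk("Privileged account misuse", "insider", 0.2, 250_000.0),
        Risk("Cloud provider outage", "vendor / natural event", 2.0, 10_000.0),
        Risk("Laptop theft", "opportunistic thief", 3.0, 5_000.0),
    ]


def analyze_risk(risks: list[Risk]) -> list[Risk]:
    """Practice 2: turn data into decision support, here a ranking by expected
    annual loss, highest first."""
    return sorted(risks, key=lambda r: r.expected_loss, reverse=True)


def total_expected_loss(risks: list[Risk]) -> float:
    return sum(r.expected_loss for r in risks)


def maintain_risk_profile(risks: list[Risk]) -> dict[str, dict]:
    """Practice 3: the risk inventory with expected frequency, potential loss
    and current response for each risk."""
    return {r.name: {"threat_agent": r.threat_agent,
                     "frequency_per_year": r.frequency_per_year,
                     "expected_loss": r.expected_loss,
                     "response": r.response} for r in risks}


def articulate_risk(profile: dict[str, dict], tolerance: float) -> list[str]:
    """Practice 4: plain-text lines for stakeholders, flagging each risk whose
    expected loss exceeds the tolerance."""
    lines = []
    for name, e in profile.items():
        flag = "EXCEEDS TOLERANCE" if e["expected_loss"] > tolerance else "ok"
        lines.append(f"{name}: {e['expected_loss']:,.0f}/yr [{flag}] "
                     f"response={e['response']}")
    return lines


def define_action_portfolio(risks: list[Risk], tolerance: float) -> list[Risk]:
    """Practice 5: choose a response per risk. Rule used here (an assumption):
    anything above the per-risk tolerance is mitigated, the rest is accepted."""
    for r in risks:
        r.response = "mitigate" if r.expected_loss > tolerance else "accept"
    return risks


def respond_to_risk(risks: list[Risk], controls: dict[str, float]) -> list[Risk]:
    """Practice 6: apply the controls chosen for mitigated risks, reducing the
    expected frequency by the control's effectiveness."""
    for r in risks:
        if r.response == "mitigate" and r.name in controls:
            r.frequency_per_year *= 1.0 - controls[r.name]
    return risks


def residual_check(risks: list[Risk], tolerance: float, appetite: float) -> dict:
    """Governance side (Monitor Risk Management): which risks still exceed the
    tolerance, and whether the total residual exceeds the appetite."""
    return {"over_tolerance": [r.name for r in risks if r.expected_loss > tolerance],
            "over_appetite": total_expected_loss(risks) > appetite}


if __name__ == "__main__":
    risks = analyze_risk(collect_data())
    print("\n".join(articulate_risk(maintain_risk_profile(risks), TOLERANCE)))
    respond_to_risk(define_action_portfolio(risks, TOLERANCE), CONTROLS)
    print("\n".join(articulate_risk(maintain_risk_profile(risks), TOLERANCE)))
    print(residual_check(risks, TOLERANCE, APPETITE))
```

Run as a script, the first report shows the ransomware entry flagged as exceeding the tolerance and the total (285,000 per year) above the appetite; after the portfolio is defined and the control applied, no risk exceeds the tolerance and the total (125,000 per year) is inside the appetite, which is what the governance process is meant to confirm. The point of separating the functions this way is that the governance check reads the same profile the management practices maintain, so deviations can be tracked against one record.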
Comments

  1. What is the risk analysis process? And is it part of finance? If you want help with a finance assignment, then you should contact EssayCorp.
  2. Very useful article on COBIT.

    COBIT online training delivery is a specialty of Consultants Factory. We’re among the best to offer it. We’ve trained 5000+ candidates across India, UAE & Saudi Arabia.
    cobit training cost

  3. https://sreemon4.wixsite.com/mysite/blog/it-governance-risk-compliance

  4. It's really great information for becoming a better blogger. Keep sharing, thanks. For more details, visit risk management certificate course
  5. Awesome post with a wonderful piece of information. Thanks for taking the time to share this with us. Looking forward to more posts from you. Check this out: Top Threat Management solution Companies
