Chapter 1
Concepts of Governance and Management of Information Systems
Risk Management
There are various sources of risk:
Commercial and legal relationships
Economic circumstances
Human behavior
Technology and Technical Issues
Political Circumstances
Natural Events
Management activities and controls
Individual activities
Characteristics of Risks
There are various characteristics of risk. Risk has a loss potential that exists as the result of a threat.
Uncertainty of loss is expressed in terms of the probability of such a loss and the likelihood of a threat agent causing a specific attack against a particular system.
There are various risk related terms that I think you can read from your study material provided by ICAI.
RISK MANAGEMENT IN COBIT 5
As we have already discussed in a previous post, COBIT 5 has governance processes and management processes.
Here, under risk management, the governance process ensures risk optimization (i.e. risk is managed at an optimal level that is acceptable to the company given the cost of optimization), and on the other hand the management domain process manages risk.
Governance Process = Ensure Risk Optimization
This process provides guidance on how to ensure that IT related risk doesn't exceed risk appetite and risk tolerance. It ensures that enterprise risk appetite and tolerance are understood, articulated and communicated, and that risk to the enterprise is identified.
WHY understand, articulate, identify and communicate risk appetite?
Because the above process is necessary for providing guidance.
i.e. in the governance domain only guidance is given on how to reduce risk, but the actual action is taken in the management domain only.
Management Domain Process = Manage Risk, i.e. continually identifying, assessing and reducing IT related risk within the tolerance level. i.e. here action is taken.
In COBIT 5 the management of IT related risk is integrated with overall enterprise risk management, and it balances the cost and benefits of managing IT related enterprise risk.
In short, both the governance and management processes ensure risk management.
Key Governance Practices for Evaluating Risk Management (V. imp.)
1.) Evaluate Risk Management
1.) Consider whether the enterprise risk appetite is appropriate.
2.) Consider whether risks to enterprise value related to the use of IT are identified and managed.
i.e. here we only have to consider.
2.) Direct Risk Management
Direct (here the word direct means to give direction) the establishment of risk management practices to provide reasonable assurance that IT risk management practices are appropriate, so that the actual IT risk doesn't exceed the board's risk appetite.
3.) Monitor Risk Management
Monitor the key goals of the risk management process and establish how deviations or problems will be identified, tracked and reported on for remediation.
Key Management Practices for Implementing Risk Management
1.) Collect Data ----- For risk identification and analysis.
2.) Analyze Risk ----- By developing useful information from the data collected to support the decisions that will be made to minimize risk.
3.) Maintain a Risk Profile ----- It is basically a risk inventory including the expected frequency of risk, potential risk and the various responses.
4.) Articulate Risk ----- To all required stakeholders.
5.) Define a Risk Management Action Portfolio ----- These are basically the risk management strategies.
6.) Respond to Risk ----- In a timely manner, with effective measures to reduce the magnitude of loss.