Risk IT Framework - Revision history

User at 19:23, 10 August 2023

2023-08-10T19:23:16Z

User at 13:47, 25 July 2023

2023-07-25T13:47:40Z

User at 14:09, 21 January 2023

2023-01-21T14:09:23Z

User at 15:24, 20 January 2023

2023-01-20T15:24:06Z

Show changes

User at 01:46, 23 July 2022

2022-07-23T01:46:34Z

User at 21:35, 9 February 2022

2022-02-09T21:35:46Z

User: The LinkTitles extension automatically added links to existing pages (https://github.com/bovender/LinkTitles).

2021-02-06T18:05:50Z

The LinkTitles extension automatically added links to existing pages (https://github.com/bovender/LinkTitles).

User at 19:24, 28 May 2020

2020-05-28T19:24:22Z

User at 21:29, 1 April 2020

2020-04-01T21:29:56Z

User at 20:58, 1 April 2020

2020-04-01T20:58:24Z

@@ Line 1: / Line 1: @@
 == What is the Risk IT Framework? ==
-Risk IT is a set of proven, real-world practices that helps enterprises achieve their goals, seize opportunities and seek greater returns with less risk. It works at the intersection of business and IT and allows enterprises to manage and even capitalize on risk in the pursuit of their objectives. It extends COBIT, the globally recognized IT Governance Framework, and saves time, cost and effort by providing enterprises with a way to focus effectively on IT-related business risk areas, including risks related to late project delivery, compliance, misalignment, obsolete IT architecture, and IT service delivery problems.
+Risk IT is a set of proven, real-world practices that helps enterprises achieve their goals, seize opportunities and seek greater returns with less risk. It works at the intersection of business and IT and allows enterprises to manage and even capitalize on risk in the pursuit of their objectives. It extends [[COBIT (Control Objectives for Information and Related Technology)|COBIT]], the globally recognized [[IT Governance Framework]], and saves time, cost and effort by providing enterprises with a way to focus effectively on IT-related business risk areas, including risks related to late project delivery, compliance, misalignment, obsolete IT architecture, and IT service delivery problems.
 The '''Risk IT Framework''' provides a set of guiding principles and supporting practices for enterprise management, combined to deliver a comprehensive process model for governing and managing IT risk. For users of COBIT and Val IT Framework, this process model will look familiar. Guidance is provided on the key activities within each process, responsibilities for the process, information flows between processes, and performance management of each process. The model is divided into the following three domains, each of which contains three processes:
-*Risk Governance:
+*[[Risk Governance]]:
 **Establish and maintain a common risk view
-**Integrate with enterprise risk management and
+**Integrate with [[Enterprise Risk Management (ERM)|enterprise risk management]] and
 **Make risk-aware business decisions
-*Risk Evaluation:
+*Risk  Evaluation:
 **Collect data
 **Analyze risk
@@ Line 16: / Line 16: @@
 **React to events<ref>[http://dl.acm.org/citation.cfm?id=1823048 Defining Risk IT Framework]</ref>
-The Risk IT Framework fills the gap between generic risk management frameworks and detailed (primarily security-related) IT risk management frameworks. It provides an end-to-end comprehensive view of all risks related to the use of IT and a similarly thorough treatment of risk management, from the tone and culture at the top to operational issues. In summary, the framework will enable enterprises to understand and manage all significant IT risk types, building upon the existing risk-related components within the current [[Information Systems Audit and Control Association (ISACA)|ISACA]] frameworks, i.e., COBIT and Val IT.<ref>[https://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/The-Risk-IT-Framework.aspx What Does Risk IT Framework Mean?]</ref>
+The Risk IT Framework fills the gap between generic Risk Management Frameworks and detailed (primarily security-related) IT risk management frameworks. It provides an end-to-end comprehensive view of all risks related to the use of IT and a similarly thorough treatment of risk management, from the tone and culture at the top to operational issues. In summary, the framework will enable enterprises to understand and manage all significant IT risk types, building upon the existing risk-related components within the current [[Information Systems Audit and Control Association (ISACA)|ISACA]] frameworks, i.e., COBIT and [[Val IT Framework]].<ref>[https://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/The-Risk-IT-Framework.aspx What Does Risk IT Framework Mean?]</ref>
@@ Line 40: / Line 40: @@
 == Risk IT Domains and Processes<ref>[https://en.wikipedia.org/wiki/Risk_IT Risk IT Domains and Processes]</ref> ==
 The three domains of the Risk IT framework are listed below with the contained processes (three by domain); each process contains a number of activities:
-*Risk Governance: Ensure that IT risk management practices are embedded in the enterprise, enabling it to secure optimal risk-adjusted returns. It is based on the following processes:
+*Risk Governance: Ensure that IT risk management  practices are embedded in the enterprise, enabling it to secure optimal risk-adjusted returns. It is based on the following processes:
 **RG1 Establish and Maintain a Common Risk View
 **RG1.1 Perform enterprise IT risk assessment

← Older revision		Revision as of 13:47, 25 July 2023
Line 16:		Line 16:
	**React to events<ref>[http://dl.acm.org/citation.cfm?id=1823048 Defining Risk IT Framework]</ref>		**React to events<ref>[http://dl.acm.org/citation.cfm?id=1823048 Defining Risk IT Framework]</ref>

−	The Risk IT Framework fills the gap between generic risk management frameworks and detailed (primarily security-related) IT risk management frameworks. It provides an end-to-end comprehensive view of all risks related to the use of IT and a similarly thorough treatment of risk management, from the tone and culture at the top to operational issues. In summary, the framework will enable enterprises to understand and manage all significant IT risk types, building upon the existing risk-related components within the current ISACA frameworks, i.e., COBIT and Val IT.<ref>[https://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/The-Risk-IT-Framework.aspx What Does Risk IT Framework Mean?]</ref>	+	The Risk IT Framework fills the gap between generic risk management frameworks and detailed (primarily security-related) IT risk management frameworks. It provides an end-to-end comprehensive view of all risks related to the use of IT and a similarly thorough treatment of risk management, from the tone and culture at the top to operational issues. In summary, the framework will enable enterprises to understand and manage all significant IT risk types, building upon the existing risk-related components within the current [[Information Systems Audit and Control Association (ISACA)\|ISACA]] frameworks, i.e., COBIT and Val IT.<ref>[https://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/The-Risk-IT-Framework.aspx What Does Risk IT Framework Mean?]</ref>

← Older revision		Revision as of 14:09, 21 January 2023
Line 170:		Line 170:

	== See Also ==		== See Also ==
		+	[[IT Governance]]

@@ Line 1: / Line 1: @@
-'''Risk IT''' is a set of proven, real-world practices that helps enterprises achieve their [[goals]], seize opportunities and seek greater return with less risk. It works at the intersection of [[business]] and IT and allows enterprises to manage and even capitalize on risk in the pursuit of their objectives. It extends [[COBIT (Control Objectives for Information and Related Technology)| COBIT]], the globally recognized [[IT Governance Framework|IT Governance Framework]] , and saves time, cost and effort by providing enterprises with a way to focus effectively on IT-related business risk areas, including risks related to late project delivery, [[Compliance|compliance]], misalignment, obsolete IT [[architecture]] and IT [[service]] delivery problems. The Risk IT [[Framework]] provides a set of guiding principles and supporting practices for enterprise [[management]], combined to deliver a comprehensive [[process]] [[model]] for [[Information Technology Risk (IT Risk)|governing and managing IT risk]]. For users of [https://cioindex.com/reference/an-introduction-to-cobit/ COBIT] and [https://cioindex.com/reference/understanding-val-it/ Val IT], this process model will look familiar. Guidance is provided on the key activities within each process, responsibilities for the process, information flows between processes and performance management of each process. The model is divided into three domains Risk [[Governance]], Risk [[Evaluation]], Risk Response each containing three processes: [[Risk Governance]] Establish and maintain a common risk view Integrate with [[Enterprise Risk Management (ERM)|enterprise risk management]] Make risk-aware business decisions Risk Evaluation Collect [[data]] Analyze risk Maintain risk profile Risk Response Articulate risk Manage risk React to events.<ref>Definition - Risk IT Framework [http://dl.acm.org/citation.cfm?id=1823048 ACM Digital Library]</ref>
+'''Risk IT''' is a set of proven, real-world practices that helps enterprises achieve their [[goals]], seize opportunities and seek greater return with less risk. It works at the intersection of [[business]] and IT and allows enterprises to manage and even capitalize on risk in the pursuit of their objectives. It extends [[COBIT (Control Objectives for Information and Related Technology)| COBIT]], the globally recognized [[IT Governance Framework|IT Governance Framework]] , and saves time, cost and effort by providing enterprises with a way to focus effectively on IT-related business risk areas, including risks related to late project delivery, [[Compliance|compliance]], misalignment, obsolete IT [[architecture]] and IT [[service]] delivery problems. The Risk IT [[Framework]] provides a set of guiding principles and supporting practices for enterprise [[management]], combined to deliver a comprehensive [[process]] [[model]] for [[Information Technology Risk (IT Risk)|governing and managing IT risk]]. For users of [[COBIT (Control Objectives for Information and Related Technology)|COBIT]] and [[Val IT Framework]], this process model will look familiar. Guidance is provided on the key activities within each process, responsibilities for the process, information flows between processes and performance management of each process. The model is divided into three domains Risk [[Governance]], Risk [[Evaluation]], Risk Response each containing three processes: [[Risk Governance]] Establish and maintain a common risk view Integrate with [[Enterprise Risk Management (ERM)|enterprise risk management]] Make risk-aware business decisions Risk Evaluation Collect [[data]] Analyze risk Maintain risk profile Risk Response Articulate risk Manage risk React to events.<ref>Definition - Risk IT Framework [http://dl.acm.org/citation.cfm?id=1823048 ACM Digital Library]</ref>
@@ Line 13: / Line 13: @@
 principles on which the framework is built, i.e., effective enterprise governance and management of IT risk, as shown in figure below:
 • Always connect to business objectives
-• Align the management of IT-related business risk with overall [https://cioindex.com/reference/an-introduction-to-enterprise-risk-management-erm/ ERM], if applicable, i.e., if [https://cioindex.com/reference/an-introduction-to-enterprise-risk-management-erm/ ERM] is implemented in the enterprise
+• Align the management of IT-related business risk with overall [[Enterprise Risk Management (ERM)|ERM]], if applicable, i.e., if ERM is implemented in the enterprise
 • Balance the costs and benefits of managing IT risk
 • Promote fair and open communication of IT risk

← Older revision		Revision as of 21:35, 9 February 2022
Line 1:		Line 1:
−	'''[[Risk]] IT''' is a set of proven, real-world practices that helps enterprises achieve their [[goals]], seize opportunities and seek greater return with less risk. It works at the intersection of [[business]] and IT and allows enterprises to manage and even capitalize on risk in the pursuit of their objectives. It extends [[COBIT (Control Objectives for Information and Related Technology)\| COBIT]], the globally recognized [[IT Governance Framework\|IT Governance Framework]] , and saves time, cost and effort by providing enterprises with a way to focus effectively on IT-related business risk areas, including risks related to late project delivery, [[Compliance\|compliance]], misalignment, obsolete IT [[architecture]] and IT [[service]] delivery problems. The Risk IT [[Framework]] provides a set of guiding principles and supporting practices for enterprise [[management]], combined to deliver a comprehensive [[process]] [[model]] for [[Information Technology Risk (IT Risk)\|governing and managing IT risk]]. For users of [https://cioindex.com/reference/an-introduction-to-cobit/ COBIT] and [https://cioindex.com/reference/understanding-val-it/ Val IT], this process model will look familiar. Guidance is provided on the key activities within each process, responsibilities for the process, information flows between processes and performance management of each process. The model is divided into three domains Risk [[Governance]], Risk [[Evaluation]], Risk Response each containing three processes: [[Risk Governance]] Establish and maintain a common risk view Integrate with [[Enterprise Risk Management (ERM)\|enterprise risk management]] Make risk-aware business decisions Risk Evaluation Collect [[data]] Analyze risk Maintain risk profile Risk Response Articulate risk Manage risk React to events.<ref>Definition - Risk IT Framework [http://dl.acm.org/citation.cfm?id=1823048 ACM Digital Library]</ref>	+	'''Risk IT''' is a set of proven, real-world practices that helps enterprises achieve their [[goals]], seize opportunities and seek greater return with less risk. It works at the intersection of [[business]] and IT and allows enterprises to manage and even capitalize on risk in the pursuit of their objectives. It extends [[COBIT (Control Objectives for Information and Related Technology)\| COBIT]], the globally recognized [[IT Governance Framework\|IT Governance Framework]] , and saves time, cost and effort by providing enterprises with a way to focus effectively on IT-related business risk areas, including risks related to late project delivery, [[Compliance\|compliance]], misalignment, obsolete IT [[architecture]] and IT [[service]] delivery problems. The Risk IT [[Framework]] provides a set of guiding principles and supporting practices for enterprise [[management]], combined to deliver a comprehensive [[process]] [[model]] for [[Information Technology Risk (IT Risk)\|governing and managing IT risk]]. For users of [https://cioindex.com/reference/an-introduction-to-cobit/ COBIT] and [https://cioindex.com/reference/understanding-val-it/ Val IT], this process model will look familiar. Guidance is provided on the key activities within each process, responsibilities for the process, information flows between processes and performance management of each process. The model is divided into three domains Risk [[Governance]], Risk [[Evaluation]], Risk Response each containing three processes: [[Risk Governance]] Establish and maintain a common risk view Integrate with [[Enterprise Risk Management (ERM)\|enterprise risk management]] Make risk-aware business decisions Risk Evaluation Collect [[data]] Analyze risk Maintain risk profile Risk Response Articulate risk Manage risk React to events.<ref>Definition - Risk IT Framework [http://dl.acm.org/citation.cfm?id=1823048 ACM Digital Library]</ref>

@@ Line 1: / Line 1: @@
-'''Risk IT''' is a set of proven, real-world practices that helps enterprises achieve their goals, seize opportunities and seek greater return with less risk. It works at the intersection of business and IT and allows enterprises to manage and even capitalize on risk in the pursuit of their objectives. It extends [[COBIT (Control Objectives for Information and Related Technology)| COBIT]], the globally recognized [[IT Governance Framework|IT Governance Framework]] , and saves time, cost and effort by providing enterprises with a way to focus effectively on IT-related business risk areas, including risks related to late project delivery, [[Compliance|compliance]], misalignment, obsolete IT architecture and IT service delivery problems. The Risk IT Framework provides a set of guiding principles and supporting practices for enterprise management, combined to deliver a comprehensive process model for [[Information Technology Risk (IT Risk)|governing and managing IT risk]]. For users of [https://cioindex.com/reference/an-introduction-to-cobit/ COBIT] and [https://cioindex.com/reference/understanding-val-it/ Val IT], this process model will look familiar. Guidance is provided on the key activities within each process, responsibilities for the process, information flows between processes and performance management of each process. The model is divided into three domains Risk Governance, Risk Evaluation, Risk Response each containing three processes: Risk Governance Establish and maintain a common risk view Integrate with [[Enterprise Risk Management (ERM)|enterprise risk management]] Make risk-aware business decisions Risk Evaluation Collect data Analyze risk Maintain risk profile Risk Response Articulate risk Manage risk React to events.<ref>Definition - Risk IT Framework [http://dl.acm.org/citation.cfm?id=1823048 ACM Digital Library]</ref>
+'''[[Risk]] IT''' is a set of proven, real-world practices that helps enterprises achieve their [[goals]], seize opportunities and seek greater return with less risk. It works at the intersection of [[business]] and IT and allows enterprises to manage and even capitalize on risk in the pursuit of their objectives. It extends [[COBIT (Control Objectives for Information and Related Technology)| COBIT]], the globally recognized [[IT Governance Framework|IT Governance Framework]] , and saves time, cost and effort by providing enterprises with a way to focus effectively on IT-related business risk areas, including risks related to late project delivery, [[Compliance|compliance]], misalignment, obsolete IT [[architecture]] and IT [[service]] delivery problems. The Risk IT [[Framework]] provides a set of guiding principles and supporting practices for enterprise [[management]], combined to deliver a comprehensive [[process]] [[model]] for [[Information Technology Risk (IT Risk)|governing and managing IT risk]]. For users of [https://cioindex.com/reference/an-introduction-to-cobit/ COBIT] and [https://cioindex.com/reference/understanding-val-it/ Val IT], this process model will look familiar. Guidance is provided on the key activities within each process, responsibilities for the process, information flows between processes and performance management of each process. The model is divided into three domains Risk [[Governance]], Risk [[Evaluation]], Risk Response each containing three processes: [[Risk Governance]] Establish and maintain a common risk view Integrate with [[Enterprise Risk Management (ERM)|enterprise risk management]] Make risk-aware business decisions Risk Evaluation Collect [[data]] Analyze risk Maintain risk profile Risk Response Articulate risk Manage risk React to events.<ref>Definition - Risk IT Framework [http://dl.acm.org/citation.cfm?id=1823048 ACM Digital Library]</ref>
@@ Line 30: / Line 30: @@
 **RG1.2 Propose IT risk tolerance thresholds
 **RG1.3 Approve IT risk tolerance
-**RG1.4 Align IT risk policy
+**RG1.4 Align IT risk [[policy]]
 **RG1.5 Promote IT risk aware culture
 **RG1.6 Encourage effective communication of IT risk
 **RG2 Integrate With ERM
 **RG2.1 Establish and maintain accountability for IT risk management
-**RG2.2 Coordinate IT risk strategy and business risk strategy
+**RG2.2 Coordinate IT risk [[strategy]] and business risk strategy
 **RG2.3 Adapt IT risk practices to enterprise risk practices
 **RG2.4 Provide adequate resources for IT risk management
@@ Line 66: / Line 66: @@
 **RR1 Articulate Risk
 **RR1.1 Communicate IT risk analysis results
-**RR1.2 Report IT risk management activities and state of compliance
+**RR1.2 Report IT risk management activities and state of [[compliance]]
 **RR1.3 Interpret independent IT assessment findings
 **RR1.4 Identify IT related opportunities
 **RR2 Manage Risk
-**RR2.1 Inventory controls
+**RR2.1 [[Inventory]] controls
 **RR2.2 Monitor operational alignment with risk tolerance thresholds
 **RR2.3 Respond to discovered risk exposure and opportunity
@@ Line 86: / Line 86: @@
 *Inputs and Outputs
 *[[RACI Matrix|RACI charts]]
-*Goal and metrics
+*Goal and [[metrics]]
-'''Risk IT Process Model '''- see illustration below<br />
+'''Risk IT [[Process Model]] '''- see illustration below<br />
 [[File:RiskIT3.png|400px|Risk IT Process Model]]<br />
 source: [http://slideplayer.com/slide/2352919/ Urs Fischer, CISA, CRISC]
@@ Line 95: / Line 95: @@
 '''RiskIT - Implementation Approach'''<ref>An Implementation Approach to the Risk IT Framework [https://www.isaca.org/Knowledge-Center/cobit/Pages/Risk-IT-Case-Study-Risk-IT-Framework-for-IT-Risk-Management-A-Case-Study-of-National-Stock-Exchange-of-India-Limited.aspx Sunil Bakshi]</ref><br />
-The implementation approach for the risk framework at NSE, (National Stock Exchange) the largest stock exchange in  India is described in the figure below:
+The implementation approach for the risk framework at NSE, (National [[Stock]] Exchange) the largest stock exchange in  India is described in the figure below:
@@ Line 104: / Line 104: @@
 The implementation of risk management was conducted at two levels:<br />
 *1. Develop risk register for business functions.
-*2. Define aggregation process to arrive at an organization-level risk profile.
+*2. Define aggregation process to arrive at an [[organization]]-level risk profile.
@@ Line 116: / Line 116: @@
 *Generate risk profile for inherent risk (risk without considering controls).
 *Determine response options.
-*Identify and assess controls from control catalog.
+*Identify and assess controls from [[control]] catalog.
 *Identify positive (excess) and negative (missing) control gaps.
 *Define a plan for closing control gaps.
@@ Line 140: / Line 140: @@
 *A better view of IT-related risk and its financial implications
 *Fewer operational surprises and failures
-*Increased information quality
+*Increased information [[quality]]
-*Greater stakeholder confidence and reduced regulatory concerns
+*Greater [[stakeholder]] confidence and reduced regulatory concerns
 *Innovative applications supporting new business initiatives
 '''The Cons of Risk IT'''<ref>The Cons of Risk IT [https://cmu95752.wordpress.com/2012/07/22/risk-it-a-risk-management-framework-by-information-technology-governance-institute-itgi/ cmu]</ref><br />
-*While the framework’s purpose and design are to address Risk IT, the framework has been recently developed and therefore, the assessments of touted benefits are not available for longer terms.
+*While the framework’s purpose and [[design]] are to address Risk IT, the framework has been recently developed and therefore, the assessments of touted benefits are not available for longer terms.
 *The framework is left flexible and therefore, the incorrect or less robust implementation may not be able to provide the benefits, and may leave un-addressed or undetected risks within the enterprise IT organization.
 *The framework is maintained and published by ISACA, and not adopted by any standards body, such as ANSI, etc. but instead is based on best practices and therefore, the acceptability of the framework may not have wider appeal.

← Older revision		Revision as of 19:24, 28 May 2020
Line 1:		Line 1:
−	Risk IT is a set of proven, real-world practices that helps enterprises achieve their goals, seize opportunities and seek greater return with less risk. It works at the intersection of business and IT and allows enterprises to manage and even capitalize on risk in the pursuit of their objectives. It extends [[COBIT (Control Objectives for Information and Related Technology)\| COBIT]], the globally recognized [[IT Governance Framework\|IT Governance Framework]] , and saves time, cost and effort by providing enterprises with a way to focus effectively on IT-related business risk areas, including risks related to late project delivery, [[Compliance\|compliance]], misalignment, obsolete IT architecture and IT service delivery problems. The Risk IT Framework provides a set of guiding principles and supporting practices for enterprise management, combined to deliver a comprehensive process model for [[Information Technology Risk (IT Risk)\|governing and managing IT risk]]. For users of [https://cioindex.com/reference/an-introduction-to-cobit/ COBIT] and [https://cioindex.com/reference/understanding-val-it/ Val IT], this process model will look familiar. Guidance is provided on the key activities within each process, responsibilities for the process, information flows between processes and performance management of each process. The model is divided into three domains Risk Governance, Risk Evaluation, Risk Response each containing three processes: Risk Governance Establish and maintain a common risk view Integrate with [[Enterprise Risk Management (ERM)\|enterprise risk management]] Make risk-aware business decisions Risk Evaluation Collect data Analyze risk Maintain risk profile Risk Response Articulate risk Manage risk React to events.<ref>Definition - Risk IT Framework [http://dl.acm.org/citation.cfm?id=1823048 ACM Digital Library]</ref>	+	'''Risk IT''' is a set of proven, real-world practices that helps enterprises achieve their goals, seize opportunities and seek greater return with less risk. It works at the intersection of business and IT and allows enterprises to manage and even capitalize on risk in the pursuit of their objectives. It extends [[COBIT (Control Objectives for Information and Related Technology)\| COBIT]], the globally recognized [[IT Governance Framework\|IT Governance Framework]] , and saves time, cost and effort by providing enterprises with a way to focus effectively on IT-related business risk areas, including risks related to late project delivery, [[Compliance\|compliance]], misalignment, obsolete IT architecture and IT service delivery problems. The Risk IT Framework provides a set of guiding principles and supporting practices for enterprise management, combined to deliver a comprehensive process model for [[Information Technology Risk (IT Risk)\|governing and managing IT risk]]. For users of [https://cioindex.com/reference/an-introduction-to-cobit/ COBIT] and [https://cioindex.com/reference/understanding-val-it/ Val IT], this process model will look familiar. Guidance is provided on the key activities within each process, responsibilities for the process, information flows between processes and performance management of each process. The model is divided into three domains Risk Governance, Risk Evaluation, Risk Response each containing three processes: Risk Governance Establish and maintain a common risk view Integrate with [[Enterprise Risk Management (ERM)\|enterprise risk management]] Make risk-aware business decisions Risk Evaluation Collect data Analyze risk Maintain risk profile Risk Response Articulate risk Manage risk React to events.<ref>Definition - Risk IT Framework [http://dl.acm.org/citation.cfm?id=1823048 ACM Digital Library]</ref>


−	The Risk IT Framework fills the gap between generic risk management frameworks and detailed (primarily security-related) IT risk management frameworks. It provides an end-to-end, comprehensive view of all risks related to the use of IT and a similarly thorough treatment of risk management, from the tone and culture at the top, to operational issues. In summary, the framework will enable enterprises to understand and manage all significant IT risk types, building upon the existing risk related components within the current ISACA frameworks, i.e., COBIT and Val IT.<ref>What is the Risk IT Framework [https://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/The-Risk-IT-Framework.aspx isaca.org]</ref>	+	The '''Risk IT Framework''' fills the gap between generic risk management frameworks and detailed (primarily security-related) IT risk management frameworks. It provides an end-to-end, comprehensive view of all risks related to the use of IT and a similarly thorough treatment of risk management, from the tone and culture at the top, to operational issues. In summary, the framework will enable enterprises to understand and manage all significant IT risk types, building upon the existing risk related components within the current ISACA frameworks, i.e., COBIT and Val IT.<ref>What is the Risk IT Framework [https://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/The-Risk-IT-Framework.aspx isaca.org]</ref>

← Older revision		Revision as of 21:29, 1 April 2020
Line 1:		Line 1:
−	Risk IT is a set of proven, real-world practices that helps enterprises achieve their goals, seize opportunities and seek greater return with less risk. It works at the intersection of business and IT and allows enterprises to manage and even capitalize on risk in the pursuit of their objectives. It extends [[COBIT (Control Objectives for Information and Related Technology)\| COBIT]], the globally recognized IT ~~governance framework~~, and saves time, cost and effort by providing enterprises with a way to focus effectively on IT-related business risk areas, including risks related to late project delivery, [[Compliance\|compliance]], misalignment, obsolete IT architecture and IT service delivery problems. The Risk IT Framework provides a set of guiding principles and supporting practices for enterprise management, combined to deliver a comprehensive process model for [[Information Technology Risk (IT Risk)\|governing and managing IT risk]]. For users of [https://cioindex.com/reference/an-introduction-to-cobit/ COBIT] and [https://cioindex.com/reference/understanding-val-it/ Val IT], this process model will look familiar. Guidance is provided on the key activities within each process, responsibilities for the process, information flows between processes and performance management of each process. The model is divided into three domains Risk Governance, Risk Evaluation, Risk Response each containing three processes: Risk Governance Establish and maintain a common risk view Integrate with [[Enterprise Risk Management (ERM)\|enterprise risk management]] Make risk-aware business decisions Risk Evaluation Collect data Analyze risk Maintain risk profile Risk Response Articulate risk Manage risk React to events.<ref>Definition - Risk IT Framework [http://dl.acm.org/citation.cfm?id=1823048 ACM Digital Library]</ref>	+	Risk IT is a set of proven, real-world practices that helps enterprises achieve their goals, seize opportunities and seek greater return with less risk. It works at the intersection of business and IT and allows enterprises to manage and even capitalize on risk in the pursuit of their objectives. It extends [[COBIT (Control Objectives for Information and Related Technology)\| COBIT]], the globally recognized [[IT Governance Framework\|IT Governance Framework]] , and saves time, cost and effort by providing enterprises with a way to focus effectively on IT-related business risk areas, including risks related to late project delivery, [[Compliance\|compliance]], misalignment, obsolete IT architecture and IT service delivery problems. The Risk IT Framework provides a set of guiding principles and supporting practices for enterprise management, combined to deliver a comprehensive process model for [[Information Technology Risk (IT Risk)\|governing and managing IT risk]]. For users of [https://cioindex.com/reference/an-introduction-to-cobit/ COBIT] and [https://cioindex.com/reference/understanding-val-it/ Val IT], this process model will look familiar. Guidance is provided on the key activities within each process, responsibilities for the process, information flows between processes and performance management of each process. The model is divided into three domains Risk Governance, Risk Evaluation, Risk Response each containing three processes: Risk Governance Establish and maintain a common risk view Integrate with [[Enterprise Risk Management (ERM)\|enterprise risk management]] Make risk-aware business decisions Risk Evaluation Collect data Analyze risk Maintain risk profile Risk Response Articulate risk Manage risk React to events.<ref>Definition - Risk IT Framework [http://dl.acm.org/citation.cfm?id=1823048 ACM Digital Library]</ref>

@@ Line 167: / Line 167: @@
 *[[Risk Mitigation]]<br />
 *[[Risks Analysis]]<br />
 *[[IT_Governance|IT Governance]]<br />
 *[[ITIL_(Information_Technology_Infrastructure_Library)|ITIL]]<br />
@@ Line 178: / Line 179: @@
 *[[Capability_Maturity_Model_Integration_(CMMI)|CMMI]]<br />
 *[[IT_Assurance_Framework_(ITAF)|IT Assurance Framework (ITAF)]]<br />