
Slide 1: kpmg Information Risk Management
IT Governance & Risk Management
A paradigm of the relationship between Information Risk Management and IT Governance
Graham Blain, Partner, KPMG Information Risk Management

Slide 2: Presentation Road Map
- 1st: IT Governance vs Risk Management?
- 2nd: Risk Management & Process Maturity
- 3rd: Roles of Audit and Management

Slide 3: 1st - IT Governance vs Risk Management?
IT Governance and Information Risk Management are synonymous... from a certain point of view!
- Risk is "the chance of something happening that will have an impact on objectives" (AS/NZS 4360)
- Risk management is "the culture, processes and structure which come together to optimise the management of potential opportunities and adverse threats" (AS/NZS 4360)
- IT Governance is "a management framework which ensures the delivery of expected benefits of IT in a controlled manner" (Poole V)

Slide 4: Risk Management can be practically applied as a comprehensive Governance approach...
- Risks should be stated in terms of organisational objectives
- Treatment of risks should comprise a combination of structure, processes, projects and specific actions
- In the long term, appropriate structure and process maturity should be the goal

Slide 5: 2nd - Risk Management and Process Maturity
A suggested distinction between inherent and residual risk...
- Inherent Risk is the chance of something happening that will have an impact on objectives in the absence of structure and processes to optimise opportunities and threats
- Residual Risk is the chance of something happening that will have an impact on objectives despite the structure and processes that are in place to optimise opportunities and threats

Slide 6: There is a relationship between inherent risk, process maturity and residual risk
[Figure: relationship between inherent risk, process maturity and residual risk]

Slide 7: The Seven Inherent Risks
[Figure: the seven inherent risks]

Slide 8: The relationships between inherent risk and targeted process maturity
[Figure: inherent risk versus targeted process maturity]

Slide 9: 3rd - Roles of Audit and Management
The focus of IT Management, Risk Management, Internal and External Audit in IT Governance
[Figure: Internal Audit, IT Management, Risk Management; External Audit review Internal Audit's work]

Slide 10: Conclusions
- Information Risk Management and IT Governance can be considered synonymous, depending on your point of view and approach
- Process maturity improvement programmes can (and should?) be driven from a risk management based approach
- Focus of relevant parties should be as follows:
  - IT Management on High Residual Risks
  - Internal Audit on Mature Processes
  - Risk Management on the Risk Management Process
  - External Audit on Internal Audit's work

Slide 11: A car has brakes to allow it to go faster...

Slide 12: IT Governance (Information Risk Management)
Graham Blain, Partner, kpmg Information Risk Management
85 Empire Road, Parktown
(011) 647 7853
graham.blain@kpmg.co.za

