1
Chapter 19 19-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall
2
Historical view – it was a low-key activity focused on delivering projects and keeping applications up and running. Today’s view – it has become much broader and complex, and it is recognized as an integral part of any technology- based work. 19-2
3
© 2012 Pearson Education, Inc. Publishing as Prentice Hall Harm constituencies both within and outside companies. Damage corporate reputations. Dampens an organization’s ability to compete. 19-3
4
© 2012 Pearson Education, Inc. Publishing as Prentice Hall 19-4 Legal/HazardsThird RegulatoryParties External Risk Operations Information Systems Development People Controls Processes Culture Governance Internal Risk ENTERPRISE RISK
5
© 2012 Pearson Education, Inc. Publishing as Prentice Hall Third parties (i.e., partners, software vendors, service providers, suppliers, customers). Hazards (i.e., disasters, pandemics, geopolitical upheavals). Legal and regulatory issues (i.e., failure to adhere to the laws and regulations). 19-5
6
© 2012 Pearson Education, Inc. Publishing as Prentice Hall Information risks (i.e., privacy, quality, accuracy, and protection). People risks (i.e., poorly designed business process, failure to adapt business processes). Cultural risks (i.e., risk aversion and lack or risk awareness). Control (i.e., ineffective controls). Governance (i.e., ineffective structure, roles). 19-6
7
© 2012 Pearson Education, Inc. Publishing as Prentice Hall Viruses Hackers Organized crime Industrial spies Terrorists 19-7
8
© 2012 Pearson Education, Inc. Publishing as Prentice Hall 1. Focus on what’s important : RM is not about anticipating all risks but about attempting to reduce significant risks to a manageable level (Austing and Darby 2003). RM should not be about saying “no” to a risk, but how to say “yes” – thereby building a more agile enterprise (Caldwell and Mogul 2006). 19-8
9
© 2012 Pearson Education, Inc. Publishing as Prentice Hall 2. Expect the image to change over time: RM actions should be continuous, iterative, and structured. Mandatory risk assessment should be implemented at different key stages. Ongoing reviews and process of evaluation need to be adapted (Coles and Moulton 2003). 19-9
10
© 2012 Pearson Education, Inc. Publishing as Prentice Hall 3. View risk from multiple levels and perspectives: RM assessments need to include root cause and multifaceted analyses. Organizations need to assess risk trends and develop strategies for dealing with them. 19-10
11
© 2012 Pearson Education, Inc. Publishing as Prentice Hall 19-11 The goal of a risk management framework (RMF) is to ensure that the right risks are being addresses at the right levels. The RMF guides the development of risk policies and integrates appropriate risk standards and processes into existing practices (e.g., the SDLC).
12
© 2012 Pearson Education, Inc. Publishing as Prentice Hall 19-12 Risk category Policies and standards Risk type Risk ownership Risk mitigation Risk reporting and monitoring
13
© 2012 Pearson Education, Inc. Publishing as Prentice Hall 19-13 The general area of enterprise risk involved (e.g., criminal, operations, third party, etc.).
14
© 2012 Pearson Education, Inc. Publishing as Prentice Hall 19-14 It includes the general principles for guiding risk decisions. The principles identify any standards that should apply to each risk category (i.e., SAI Global is an international standard).
15
© 2012 Pearson Education, Inc. Publishing as Prentice Hall 19-15 Each risk should be identified and labeled with a generic name and definition, ideally linked to a business impact.
16
© 2012 Pearson Education, Inc. Publishing as Prentice Hall 19-16 Each type of risk should have an owner, either in IT or in the business. Owners and stakeholders should have clear responsibilities and accountabilities. Major risks can be owned by committees (i.e., enterprise risk committee or risk review council).
17
© 2012 Pearson Education, Inc. Publishing as Prentice Hall 19-17 Each type of risk should be associated with controls, practices, and tools for addressing it effectively. The goal of the framework is to provide means by which risks can be managed consistently, effectively, and appropriately.
18
© 2012 Pearson Education, Inc. Publishing as Prentice Hall 19-18 Risk metrics should be reported in a way the organization understands (e.g., high, medium, low). Risk monitoring is an ongoing process because levels and types of risks are changing continually.
19
© 2012 Pearson Education, Inc. Publishing as Prentice Hall 19-19 Look beyond technical risk Develop a common language of risk Simplify the presentation Right size Standardize the technology base Rehearse Clarify roles and responsibilities Automate where appropriate Educate and communicate
20
© 2012 Pearson Education, Inc. Publishing as Prentice Hall IT risk is involved in many types of business risks and therefore should be managed holistically. An integrated risk management framework helps organizations understand risk and make better decisions associated with it. 19-20