Posted by: Robert Davis
Governing an entity requires that management accurately conceptualize information criticality and communication paths. As reflected in the Australian/New Zealand Standard on Risk Management (AS/NZS ISO 31000:2009), risk management is an iterative process consisting of steps which, when taken in sequence, enable continual improvement in decision-making. It is also the logical and systematic method of identifying, analyzing, evaluating, treating, monitoring and conveying risks associated with any system, process, activity, or task in a way that will enable an entity to minimize losses and maximize opportunities. Consequently, management of risk represents the means by which an entity elects to administer cataloged possibilities. As alternative responses, risks may be addressed by reducing, avoiding, transferring, or accepting potential threats. Specific to not-for-profit entities, these risks typically encompass objective achievement, organizational credibility, equitable provision of services, and appropriate behavior of officials.