IT Governance, Risk, and Compliance

Mar 7 2013   1:54AM GMT

Risk Management: Is it just another set of business buzzwords? – Part IV

Robert Davis

The risk management process introduces a systematic approach for identifying, assessing, and reducing risks as well as maintaining defined acceptable risk levels. An IT risk assessment should be considered a key risk management practice area. When management institutionalizes an IT governance risk assessment methodology, quantitative and/or qualitative factors affecting business processes should be considered, evaluated, and documented to enable suitable event responses. Management's risk assessment of IT processes determines potential IT opportunity cost and control implementation criticality. Quantitative risk calculations include:

  • Exposure Factor = Percentage of asset lost caused by identified risk
  • Single Loss Expectancy (SLE) = Asset Value × Exposure Factor
  • Annualized Rate of Occurrence (ARO) = Estimated frequency a threat will occur within a year
  • Annualized Loss Expectancy (ALE) = SLE × ARO
  • Safeguard Cost/Benefit Analysis = (ALE before implementing safeguard) – (ALE after implementing safeguard) – (annual cost of safeguard)
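The calculations above applied to a small risk register, as an added example that is not from the original post or the cited books. The class and function names are hypothetical, every figure is constructed for illustration, and the exposure factor is entered as a fraction (0.5 = 50%).

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float       # monetary value of the asset
    exposure_factor: float   # fraction of the asset lost per event (0..1)
    aro: float               # annualized rate of occurrence (events per year)

    def __post_init__(self):
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("exposure factor must be a fraction between 0 and 1")
        if self.asset_value < 0 or self.aro < 0:
            raise ValueError("asset value and ARO must be non-negative")

    @property
    def sle(self) -> float:   # Single Loss Expectancy
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> float:   # Annualized Loss Expectancy
        return self.sle * self.aro

@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: float
    exposure_factor_after: Optional[float] = None  # None = safeguard leaves it unchanged
    aro_after: Optional[float] = None              # None = safeguard leaves it unchanged

def safeguard_value(risk, sg):
    """(ALE before safeguard) - (ALE after safeguard) - (annual cost of safeguard)."""
    after = replace(  # re-runs the validation in __post_init__
        risk,
        exposure_factor=risk.exposure_factor if sg.exposure_factor_after is None else sg.exposure_factor_after,
        aro=risk.aro if sg.aro_after is None else sg.aro_after,
    )
    return risk.ale - after.ale - sg.annual_cost

def rank(pairs):
    """Sort (risk, safeguard) pairs by net annual benefit, best first."""
    return sorted(((safeguard_value(r, s), r.name, s.name) for r, s in pairs), reverse=True)

# Constructed sample register (all figures are illustrative).
RANSOMWARE = Risk("customer DB ransomware", 400_000, 0.5, 0.25)
LAPTOP = Risk("laptop theft", 2_000, 1.0, 4)
BACKUPS = Safeguard("offline backups", 12_000, exposure_factor_after=0.125)
LOCKS = Safeguard("cable locks", 5_000, aro_after=2)
REGISTER = [(LAPTOP, LOCKS), (RANSOMWARE, BACKUPS)]
```

A negative result from `safeguard_value` means the safeguard costs more per year than the loss it is expected to prevent.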

Source

Davis, Robert E. (2011). Assuring IT Governance. Available from http://www.amazon.com/Assuring-Governance-Assurance-Services-ebook/dp/B0058P58E0 and http://www.smashwords.com/books/view/70359

Davis, Robert E. (2006). IT Auditing: IT Governance. Mission Viejo: Pleier. CD-ROM.
