IT Governance, Risk, and Compliance

Mar 14 2013   1:10AM GMT

Risk Management: Is it just another set of business buzzwords? – Part VI

Robert Davis Robert Davis Profile: Robert Davis

Controlling and monitoring activities attempting to ensure acceptable risk responses include:

  • Policies
  • Directives
  • Standards
  • Procedures
  • Rules

Strategically; policies are definite courses or methods of action selected by management from alternatives, considering the environment, to guide as well as determine present and future decisions.  For example, an entity’s IT governance related policy may require IT management obtain signed Service Level Agreements (SLAs) for all deployed systems.

Directives serve or intend to guide, govern, or influence actions or goals.  Furthermore, directives should be considered orders or instructions.  When activated, entity proxy directives can be interpreted as conveying fiduciary requirements to the assignee.  Internal or external central authorities may issue directives as well as individuals.  For example, an external aviation agency may direct aircraft operators to carefully inspect a particular airplane wing.  Internally, directives are usually documented in memorandums and reflect matters requiring immediate attention.  Directives should receive the same due diligence as policies and procedures.

Source

Davis, Robert E. (2011). Assuring IT Governance. Available from http://www.amazon.com/Assuring-Governance-Assurance-Services-ebook/dp/B0058P58E0 and http://www.smashwords.com/books/view/70359

Davis, Robert E. (2006). IT Auditing: IT Governance. Mission Viejo: Pleier. CD-ROM.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: