IT Governance, Risk, and Compliance:

Risk Management


September 6, 2011  7:35 PM

Common Risk Determinants for an IT Architecture – Part IV



Posted by: Robert Davis
COBIT, Control Environment, IT Architecture, Project Management, Risk Management, Risk Mitigation, Risk Tolerance

Fundamentally, IT policies and procedures should be deployed based on assessed effectiveness and efficiency in addressing management’s risk appetite. Supporting CE

May 3, 2011  9:33 PM

Right-sizing IT Controls – Part VIII



Posted by: Robert Davis
Control Environment, Control Evaluation, Control Processes, Control System, Governance Tree, Internal Control Systems, IT Controls, IT Governance, IT Management, Risk Management, Roles and Responsibilities

Deploying key IT governance practices enhances an entity’s ability to meet control objectives for cost, functionality, and quality. Yet, regardless of the IT control techniques and automated tools available, the...


April 29, 2011  8:28 PM

Right-sizing IT Controls – Part VII



Posted by: Robert Davis
Control Environment, Control Evaluation, Control Processes, Control System, Governance Tree, Internal Control Systems, IT Controls, IT Governance, IT Management, Risk Management, Roles and Responsibilities

An entity’s controlling and monitoring activities should reflect management’s strategy for ensuring an adequate IT control system. Consequently, IT policies, directives, standards, procedures, and rules should have a one-to-one or one-to-many correspondence with the assessed...


April 26, 2011  8:53 PM

Right-sizing IT Controls – Part VI



Posted by: Robert Davis
Control Environment, Control Evaluation, Control Processes, Governance Tree, Internal Control Systems, IT Controls, IT Governance, IT Management, Risk Management, Roles and Responsibilities

The risk management process introduces a systematic approach for identifying, assessing, and reducing risks as well as maintaining defined acceptable risk levels. An IT risk assessment should be considered a key risk management practice area. When management institutionalizes an...


April 5, 2011  5:45 PM

Managing the Dynamic Uncertainties of IT – Part VIII



Posted by: Robert Davis
Adaptive Process, Adaptive Systems, COBIT, Control Environment, Dynamic Equilibrium, Illegal Acts, Risk Assessment, Risk Management

Technology is an enabler, not a solution, for deploying and executing a sound operational strategy. To ensure effectiveness, responsibility for executing an adopted strategy should be shared across the entity, making all employees accountable as...


April 1, 2011  6:32 PM

Managing the Dynamic Uncertainties of IT – Part VII



Posted by: Robert Davis
Adaptive Process, Adaptive Systems, COBIT, Control Environment, Dynamic Equilibrium, Illegal Acts, Risk Assessment, Risk Management

An IT risk assessment can classify information assets by criticality, sensitivity, and impact on operations. For most entities, comprehensive IT risk evaluations should be iterative and adaptive processes. Therefore, adequate IT risk management...


March 29, 2011  8:28 PM

Managing the Dynamic Uncertainties of IT – Part VI



Posted by: Robert Davis
Adaptive Process, Adaptive Systems, COBIT, Control Environment, Dynamic Equilibrium, Illegal Acts, Risk Assessment, Risk Management

An adequate IT plan describes predetermined objectives, goals as well as ambit with sufficient supporting detail to guide risk assessment development. Correspondingly, IT risk assessment plans should reflect applicable IT standards and practice statements issued by governing bodies. Whereby,...


March 25, 2011  3:32 PM

Managing the Dynamic Uncertainties of IT – Part V



Posted by: Robert Davis
Adaptive Process, Adaptive Systems, COBIT, Control Environment, Dynamic Equilibrium, Illegal Acts, Risk Assessment, Risk Management

The IT program’s ambit generally dictates the risk assessment approach. Regarding techniques, the IT program’s ambit determines ‘what’ will be assessed, ‘how’ it will be assessed and assessment limits. Reflective of the IT planning premise, evaluating...


March 22, 2011  5:36 PM

Managing the Dynamic Uncertainties of IT – Part IV



Posted by: Robert Davis
Adaptive Process, Adaptive Systems, COBIT, Control Environment, Dynamic Equilibrium, Illegal Acts, Risk Assessment, Risk Management

Selecting a discretionary IT risk management framework imposes defining spending limits, work assignments and information decisions for creating and managing a viable strategically aligned IT management plan. ...


March 18, 2011  8:30 PM

Managing the Dynamic Uncertainties of IT – Part III



Posted by: Robert Davis
Adaptive Process, Adaptive Systems, COBIT, Control Environment, Dynamic Equilibrium, Illegal Acts, Risk Assessment, Risk Management

Managerial monitoring of deployed controls focusing on redressing external and internal environment quality assists in ensuring the established fiduciary relationship with stakeholders is fulfilled. An entity’s control environment quality is a major factor impacting irregular...

