Home > IT Answers > CIO > What is the best way to implement a risk asse...
AlexanderHoward
15 pts.
0
Q:
What is the best way to implement a risk assessment in an IT department that will align COBIT controls with risks?
Compliance, regulatory compliance, Risk management, COBIT, Risk assessment, IT Compliance
A compliance officer in Europe could use some advice from fellow IT professionals and executives. His IT budget is being scrutinized, as is the case in every organization in 2009; he needs targets to get things done more efficiently but without taking on more risk.

His department is evaluating benchmarking IT application controls as a way of testing strategy.

He would like to know what you think is the best way to implement a risk assessment in an IT department that will align COBIT controls with risks.

What are your recommendations?
ASKED: Feb 16 2009  6:04 PM GMT
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
RELATED QUESTIONS
0
KevinBeaver
7385 pts.
0
A:
 RATE THIS ANSWER
0
Click to Vote:
  •   0
  •  0
  • AddThis Social Bookmark Button
This can a rather detailed/complicated subject depending on specific business needs. The key is to align COBIT (or whatever) with other widely-accepted standards/frameworks such as ISO/IEC 27002 and perform an assessment at that level. This has been documented by the IT Governance Institute here and elsewhere on their site at www.itgi.org
Last Answered: Feb 18 2009  3:36 PM GMT by KevinBeaver   7385 pts.
  •   
0
0
RSS - Discussions Help
Discuss This Answer:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _



_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Alexander Howard   0 pts.  |   Mar 23 2009  5:27PM GMT

Thanks, Kevin. I imagine our readers will find that useful. Sarah Cortes explained how to align risk with COBIT controls at <a href="http://SearchCompliance.com" title="http://SearchCompliance. " target="_blank">SearchCompliance.com</a>’s blog last week as well.

 
0