What is the best way to implement a risk assessment in an IT department that will align COBIT controls with risks?

Tags:
COBIT
Compliance
IT Compliance
regulatory compliance
Risk assessment
Risk management
A compliance officer in Europe could use some advice from fellow IT professionals and executives. His IT budget is being scrutinized, as is the case in every organization in 2009; he needs targets to get things done more efficiently but without taking on more risk. His department is evaluating benchmarking IT application controls as a way of testing strategy. He would like to know what you think is the best way to implement a risk assessment in an IT department that will align COBIT controls with risks. What are your recommendations?

Answer Wiki

This can be a rather detailed/complicated subject depending on specific business needs. The key is to align COBIT (or whatever) with other widely-accepted standards/frameworks such as ISO/IEC 27002 and perform an assessment at that level. This has been documented by the IT Governance Institute.

Discuss This Question: 1  Reply
  • Alexander Howard
    Thanks, Kevin. I imagine our readers will find that useful. Sarah Cortes explained how to align risk with COBIT controls at SearchCompliance.com's blog last week as well.