 What is the best way to implement a risk assessment in an IT department that will align COBIT controls with risks?
A compliance officer in Europe could use some advice from fellow IT professionals and executives. His IT budget is being scrutinized, as is the case in every organization in 2009; he needs targets to get things done more efficiently but without taking on more risk.

His department is evaluating benchmarking IT application controls as a way of testing strategy.

He would like to know what you think is the best way to implement a risk assessment in an IT department that will align COBIT controls with risks.

What are your recommendations?
ASKED: Feb 16, 2009  6:04 PM GMT
UPDATED: March 23, 2009  5:27:25 PM GMT

Answer Wiki:
This can be a rather detailed/complicated subject depending on specific business needs. The key is to align COBIT (or whatever) with other widely-accepted standards/frameworks such as ISO/IEC 27002 and perform an assessment at that level. This has been documented by the IT Governance Institute here and elsewhere on their site at www.itgi.org.
Last Wiki Answer Submitted: Feb 18, 2009 3:36 PM (GMT) by KevinBeaver
Discuss This Question:
Thanks, Kevin. I imagine our readers will find that useful. Sarah Cortes explained how to align risk with COBIT controls at SearchCompliance.com’s blog last week as well.
