IT Governance, Risk, and Compliance

Feb 28 2013   2:50AM GMT

Risk Management: Is it just another set of business buzzwords? – Part II

Robert Davis

An entity’s business risk management framework should be a strategic axle able to accept diverse strategy spokes. Proactively, business risk management should represent the process whereby an entity methodically addresses the risks attached to its activities, with the objective of achieving sustained benefit within each activity and across the portfolio of activities.

Through project collaboration, the Association of Insurance and Risk Managers, the Association of Local Authority Risk Managers, and the Institute of Risk Management promote the following risk management process:

1. Identify Strategic Objectives

2. Perform Risk Assessment

2.1 Risk Analysis

2.1.1 Risk Identification

2.1.2 Risk Description

2.1.3 Risk Estimation

2.2 Risk Evaluation

3. Provide Risk Reporting

4. Decision (determine risk appetite)

5. Document Risk Treatment

6. Provide Residual Risk Reporting

7. Perform Monitoring


Davis, Robert E. (2011). Assuring IT Governance. Available from and

Davis, Robert E. (2006). IT Auditing: IT Governance. Mission Viejo: Pleier. CD-ROM.
