ISACA Announces New Risk IT Framework

Lora Bentley

The Control Objectives for Information and related Technology (COBIT) framework has become a globally accepted standard for IT governance. So much so, in fact, that the Information Systems Audit and Control Association, which developed the framework in 1996, has not only issued several updates, but also extended COBIT and tailored it to specific functions. Val IT, for instance, is a COBIT-based framework addressing the governance of IT-enabled business investments, according to the ISACA Web site.

 

This week, the standards organization announced the release of its newest COBIT extension, Risk IT. Described as "a framework for enterprises to identify, govern and manage IT risk," Risk IT is comprised of three domains: governing risk, evaluating risk, and responding to risk. The framework includes guidance on activities and responsibilities within each process, as well as how information "flows" between the processes.

 

In an ISACA e-mail announcing the release, Risk IT developer Brian Barnier says:

Risk and value are two sides of the same coin. Risk is inherent to all enterprises, but a balance must be struck that avoids value destruction and ensures that opportunities for value creation are not missed. Risk IT helps all levels of management manage risk for the greatest benefit and helps detect warning signs earlier.


Add Comment      Leave a comment on this blog post
Dec 21, 2009 5:36 AM Raphael Raphael  says:

The publication of Risk IT by ISACA was announced long time ago. However the problem is not necessarily the lacking of standards. Specifically in IT Risk Management we do already have a wealth of frameworks such as ISO 27005, ISO 31000, Management of Risks M_o_R, or even AS/NZS 4360:2004. The problem its not the lacking of framework but moreover of a tool that helps companies to systematically trace and manage their risks. It would be wiser to have less standards or frameworks and instead real risk management solutions such as MinimaRisk is providing.

Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.