PO6.2 - Enterprise IT Risk and Control Framework

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective PO6.2 - Enterprise IT Risk and Control Framework is contained within the process Communicate Management Aims and Direction.

Enterprise IT Risk and Control Framework

Develop and maintain a framework that defines the enterprise’s overall approach to IT risk and control and that aligns with the IT policy and control environment and the enterprise risk and control framework.

Value Drivers

  • Comprehensive IT control and risk framework
  • IT risk and control awareness and understanding
  • Reduction of negative business impact when planned and unplanned issues occur

Risk Drivers

  • Sensitive corporate information disclosed
  • Irregularities not identified
  • Financial losses
  • Compliance and security issues

Control Practices

  1. Define an IT risk and control framework adopting relevant guidance such as the Committee of the Sponsoring Organisations of the Treadway Commission’s (COSO’s) Internal Control—Integrated Framework, COSO’s Enterprise Risk Management—Integrated Framework and COBIT.
  2. Ensure that the enterprise IT risk and control framework specifies:
    • Purpose of the internal control framework
    • Scope of the control framework (i.e., IT process framework)
    • Management’s expectation of what needs to be controlled
    • Roles and responsibilities
    • Methodologies to be used
  3. Ensure that the framework aims at maximising the success of value delivery while minimising risks to information assets through preventive measures, timely identification of irregularities, limitation of losses and timely recovery of business assets.
