
PO6.2 - Enterprise IT Risk and Control Framework

This topic exists for collaboration and information sharing on implementing this COBIT control objective, informed by the value drivers, risk drivers and control practices listed below.

COBIT Control Objective PO6.2 - Enterprise IT Risk and Control Framework is contained within process PO6 - Communicate Management Aims and Direction.


Enterprise IT Risk and Control Framework

Develop and maintain a framework that defines the enterprise’s overall approach to IT risk and control and that aligns with the IT policy and control environment and the enterprise risk and control framework.


Value Drivers

  • Comprehensive IT control and risk framework
  • IT risk and control awareness and understanding
  • Reduction of negative business impact when planned and unplanned issues occur

Risk Drivers

  • Sensitive corporate information disclosed
  • Irregularities not identified
  • Financial losses
  • Compliance and security issues

Control Practices

  1. Define an IT risk and control framework, adopting relevant guidance such as the Committee of Sponsoring Organizations of the Treadway Commission's (COSO's) Internal Control—Integrated Framework, COSO's Enterprise Risk Management—Integrated Framework and COBIT.
  2. Ensure that the enterprise IT risk and control framework specifies:
    • Purpose of the internal control framework
    • Scope of the control framework (i.e., the IT process framework)
    • Management's expectation of what needs to be controlled
    • Roles and responsibilities
    • Methodologies to be used
  3. Ensure that the framework aims at maximising the success of value delivery while minimising risks to information assets, through preventive measures, timely identification of irregularities, limitation of losses and timely recovery of business assets.


Journal Articles

Volume 6, 2015
by Ed Gelbstein, Ph.D.
An auditor will sooner or later be faced with two kinds of conflicts: conflict of interest and interpersonal conflict.
Volume 4, 2017
The root causes of privacy incidents include the outsourcing of data, malicious insiders, system glitches, cyberattacks, and the failure to shred or dispose of privacy data properly.
Volume 3, 2017
by Jayakumar Sundaram, CISA, ISO 27001 LA
The SoA is a continuously updated and controlled document that provides an overview of information security implementation.
Volume 4, 2017
by Ian Cooke, CISA, CRISC, CGEIT, COBIT Assessor and Implementer, CFE, CPTE, DipFM, ITIL Foundation, Six Sigma Green Belt
An audit/assurance program is defined by ISACA as a step-by-step set of audit procedures and instructions that should be performed to complete an audit.
Volume 4, 2017
by Joshua J. Filzen, Ph.D., CPA and Mark G. Simkin, Ph.D.
Attachments are popular in several accounting contexts. Many of the same file types that can be attached to emails can also be attached to the records in databases.
Volume 4, 2017
by Tolga Mataracioglu, CISA, CISM, COBIT Foundation, BS 25999 LA, CCNA, CEH, ISO 27001 LA, MCP, MCTS, VCP
In this article, the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) ISO/IEC 27001:2013 standard is introduced briefly and compared to ISO/IEC 27001:2005.


Blog Posts

A few days ago the person behind the Hacking Team hack revealed how he did it on Pastebin (the original is in Spanish). I was very keen to understand how good you need to be to hack back one of the most (in)famous hacki...
Posted By : TiagoRosado | 0 comments
Recently while reading through various cyber security threat feeds, I ran across a very interesting article describing ways to protect your identity and personal data.  In the article the author discussed "Understanding your data-protection and privacy ri...
Posted By : James948 | 0 comments
22 Jul 2017
Until a few years ago, having a business intelligence application was expensive and complex, and you needed constant support from IT staff to obtain accurate information. Today there are tools such as Power BI Desktop that allow...
Posted By : Alejandro906 | 0 comments
The demand for banking services over the Internet, a product of new consumer needs that have emerged with the technology boom, keeps financial institutions at a crossroads in which they must balance the...
Posted By : Gerardo Zuñiga | 1 comment
Places where the relevant principles of COBIT map to COSO 2013 principles* are marked as Yes.
Posted By : Sugandh | 0 comments
  • Senior Manager: ultimate responsibility
  • Information Security Officer: functional responsibility
  • Security Analyst: strategic; develops policies and guidelines
  • Owner: responsible for the asset; determines level of clas...
Posted By : Muhammad554 | 0 comments