The scope of the Risk IT framework is also fully covered within the scope of the COBIT 5 framework. You are invited to review the COBIT 5 framework first and, if more guidance on risk is needed, reference the Risk IT publications for more detail.
Risk IT provides an end-to-end, comprehensive view of all risks related to the use of IT and a similarly thorough treatment of risk management, from the tone and culture at the top, to operational issues.
Risk is a natural part of the business landscape.
If left unmanaged, the uncertainty can spread like weeds.
If managed effectively, losses can be avoided and benefits obtained.
In business today, risk plays a critical role. Almost every business decision requires executives and managers to balance risk and reward. Effectively managing the business risks is essential to an enterprise’s success.
Too often, IT risk (business risk related to the use of IT) is overlooked. Other business risks, such as market risks, credit risk and operational risks have long been incorporated into the corporate decision-making processes. IT risk has been relegated to technical specialists outside the boardroom, despite falling under the same ‘umbrella’ risk category as other business risks: failure to achieve strategic objectives
Risk IT is a framework based on a set of guiding principles for effective management of IT risk. The framework complements COBIT, a comprehensive framework for the governance and control of business-driven, IT-based solutions and services.
While COBIT provides a set of controls to mitigate IT risk, Risk IT provides a framework for enterprises to identify, govern and manage IT risk. Simply put, COBIT provides the means of risk management; Risk IT provides the ends. Enterprises who have adopted (or are planning to adopt) COBIT as their IT governance framework can use Risk IT to enhance risk management.
If you have questions about RISK IT publications and ongoing research, please contact: