Scribd Logo
Upload

Welcome to Scribd!

  • EDM03 Full

    Uploaded by

    dwi anggraeny
    29 views2 pages
    This document discusses evaluating, directing, and monitoring risk management processes. It contains three governance practices - EDM03.01 evaluates risk management by examining risk factors and ensuring risk appetite is appropriate. EDM03.02 directs the establishment of risk management practices to ensure actual IT risk does not exceed the board's risk appetite. EDM03.03 monitors key goals and metrics of risk processes and establishes how deviations will be reported and remediated.

    Original Description:

    Original Title

    246913863-EDM03-Full.docx

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document discusses evaluating, directing, and monitoring risk management processes. It contains three governance practices - EDM03.01 evaluates risk management by examining risk factors and ensuring risk appetite is appropriate. EDM03.02 directs the establishment of risk management practices to ensure actual IT risk does not exceed the board's risk appetite. EDM03.03 monitors key goals and metrics of risk processes and establishes how deviations will be reported and remediated.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    29 views2 pages

    EDM03 Full

    Uploaded by

    dwi anggraeny
    This document discusses evaluating, directing, and monitoring risk management processes. It contains three governance practices - EDM03.01 evaluates risk management by examining risk factors and ensuring risk appetite is appropriate. EDM03.02 directs the establishment of risk management practices to ensure actual IT risk does not exceed the board's risk appetite. EDM03.03 monitors key goals and metrics of risk processes and establishes how deviations will be reported and remediated.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    of 2

    : ENABLING PROCESSES

    Evaluate, Direct and Monitor

    EDM03 Process Practices, Inputs/Outputs and Activities


    Governance Practice Inputs Outputs
    EDM03.01 Evaluate risk management. From Description Description To
    #ONTINUALLYEXAMINEANDMAKEJUDGEMENTONTHE effect of
    APO12.01 Emerging risk issues Risk appetite guidance APO12.03
    risk on the current and future use of IT in
    and factors
    THEENTERPRISE.#ONSIDERWHETHERTHEENTERPRISE'SRISK Approved risk tolerance APO12.03
    appetite is appropriate and that risk to enterprise value levels
    related to the use of IT is identified and managed.
    Outside COBIT Enterprise risk Evaluation of risk APO12.01
    management principles management activities
    Activities
    1.$ETERMINETHELEVELOF)4-RELATEDRISKTHATTHEENTERPRISEISWILLINGTOTAKETOMEETITSOBJECTIVES(RISKAPPETITE).
    2.%VALUATEANDAPPROVEPROPOSED)4RISKTOLERANCETHRESHOLDSAGAINSTTHEENTERPRISE'SACCEPTABLERISKANDOPPORTUNITYLEVELS.
    3. Determine the extent of alignment of the IT risk strategy to enterprise risk strategy.
    4. Proactively evaluate IT risk factors in advance of pending strategic enterprise decisions and ensure that risk-aware enterprise decisions are made.
    5.$ETERMINETHAT)4USEISSUBJECTTOAPPROPRIATERISKASSESSMENTANDEVALUATION,ASDESCRIBEDINRELEVANTINTERNATIONALANDNATIONALSTANDARDS.
    6.%VALUATERISKMANAGEMENTACTIVITIESTOENSUREALIGNMENTWITHTHEENTERPRISE'SCAPACITYFOR)4-RELATEDLOSSANDLEADERSHIP'STOLERANCEOFIT.
    Governance Practice Inputs Outputs
    EDM03.02 Direct risk management. From Description Description To
    Direct the establishment of risk management
    APO12.03 Aggregated risk profile, Risk management policies APO12.01
    practices to provide reasonable assurance that IT risk
    including status of risk
    management practices are appropriate to ensure +EYOBJECTIVESTOBE APO12.01
    management actions
    THATTHEACTUAL)4RISKDOESNOTEXCEEDTHEBOARD'S monitored for risk
    risk appetite. management
    Outside COBIT Enterprise risk Approved process APO12.01
    management (ERM) for measuring risk
    profiles and mitigation management
    plans
    Activities
    1. Promote an IT risk-aware culture and empower the enterprise to proactively identify IT risk, opportunity and potential business impacts.
    2. Direct the integration of the IT risk strategy and operations with the enterprise strategic risk decisions and operations.
    3. Direct the development of risk communication plans (covering all levels of the enterprise) as well as risk action plans.
    4. Direct implementation of the appropriate mechanisms to respond quickly to changing risk and report immediately to appropriate levels of
    management, supported by agreed-on principles of escalation (what to report, when, where and how).
    5. Direct that risk, opportunities, issues and concerns may be identified and reported by anyone at any time. Risk should be managed in accordance with
    published policies and procedures and escalated to the relevant decision makers.
    6. Identify key goals and metrics of risk governance and management processes to be monitored, and approve the approaches, methods, techniques
    and processes for capturing and reporting the measurement information.

    40 Personal Copy of: Mr. Dong Hong Wang


    CHAPTER 5
    COBIT 5 PROCESS REFERENCE GUIDE CONTENTS

    Evaluate, Direct and Monitor


    EDM03 Process Practices, Inputs/Outputs and Activities (cont.)
    Governance Practice Inputs Outputs
    EDM03.03 Monitor risk management. Monitor the From Description Description To
    key goals and metrics of the risk management
    APO12.02 Risk analysis results Remedial actions to APO12.06
    processes and establish how deviations or problems
    address risk management
    will be identified, tracked and reported for remediation.
    deviations
    APO12.04 s/PPORTUNITIESFOR Risk management issues EDM05.01
    acceptance of for the board
    greater risk
    s2ESULTSOFTHIRD-PARTY
    risk assessments
    s2ISKANALYSISANDRISK
    profile reports
    for stakeholders
    Activities
    1. Monitor the extent to which the risk profile is managed within the risk appetite thresholds.
    2. Monitor key goals and metrics of risk governance and management processes against targets, analyse the cause of any deviations, and initiate
    remedial actions to address the underlying causes.
    3.%NABLEKEYSTAKEHOLDERS'REVIEWOFTHEENTERPRISE'SPROGRESSTOWARDSIDENTIFIEDGOALS.
    4. Report any risk management issues to the board or executive committee.

    EDM03 Related Guidance


    Related Standard Detailed Reference
    #/3//%2-
    )3//)%#31000 Framework for Risk Management
    )3//)%#38500
    King III s5.5.)4SHOULDFORMANINTEGRALPARTOFTHECOMPANY'SRISKMANAGEMENT. s5.7.
    !RISKCOMMITTEEANDAUDITCOMMITTEESHOULDASSISTTHEBOARDINCARRYINGOUTITS)4RESPONSIBILITIES.

    Personal Copy of: Mr. Dong Hong Wang 41

    You might also like