EDM05 Stakeholder Transparency
© 2012 ISACA. All rights reserved. COBIT® 5 is a registered trademark of the Information Systems Audit and Control Association (ISACA)
EDM05.02.03 - Validation and Approval
Understand if and how IT has established mechanisms for validation and approval of mandatory reporting.
For a selected number of IT managers, ask them to describe the mechanism used to validate and approve any mandatory reporting.
EDM05.02.04 - Escalation
Determine if there are any reporting escalation mechanisms and if they are necessary.
For a selected number of IT managers, ask them to describe any reporting escalation mechanisms, if any.
Monitor stakeholder communication. Assess mechanisms for ensuring accuracy, reliability and effectiveness, and ascertain whether the requirements of different
stakeholders are met.
Risk Scenario - Describe the risk/opportunity scenario, including a discussion of the negative and positive impact of the scenario. The description clarifies the threat/vulnerability type and includes the actors, events, assets and time issues.
☐ Malicious
☐ Accidental
☐ Error
☐ Failure
☐ Natural
☐ External requirement
Actor (Who or what could trigger the threat that exploits a vulnerability)
☐ Internal
☐ External
☐ Human
☐ Non-Human
Event (Something that happens that was not supposed to happen, something does not happen that was supposed to happen, or a change in circumstances. Events always have causes and usually have consequences. A consequence is the outcome of an event and has an impact on objectives.)
☐ Disclosure
☐ Interruption
☐ Modification
☐ Theft
☐ Destruction
☐ Ineffective design
☐ Ineffective execution
☐ Rules and regulations
☐ Inappropriate use
Asset (An asset is something of tangible or intangible value that is worth protecting,
and skills
☐ Process