Risk IT Framework 2nd Edition Laminate FMK Eng 0620
[Figure 1.1: Scope of I&T-related Risk Relative to Other Major Categories of Risk. Nested diagram showing I&T-related Risk as a subset of Enterprise Risk.]
[Figure 2.1: Principles of Risk Management. Central element "Risk Management Principles" surrounded by four principles: Balance cost/benefit of I&T-related risk; Promote ethical and open communication; Align with ERM; Use a consistent approach aligned to strategy.]
[Figure (caption not preserved in this extraction): two side-by-side bar charts, each on a 0 to 10 scale, comparing Actual Risk, Risk Appetite and Risk Capacity.]
Source: ISACA, COBIT® 5 for Risk, USA, 2013, fig. 68, https://www.isaca.org/bookstore/cobit-5/wcb5rk
[Figure 5.1: Risk Management Flow. Cyclical flow of stages: Setting Context; Risk Identification and Assessment; Risk Analysis and Business Impact Evaluation; Risk Response; Risk Reporting and Communication. Side panel "Example Type Categories of Risk": Strategic; Operational; IT Risk; Cybersecurity; Information Security. Additional labels in the same region: Business Objectives; Risk Factors; Identification; Reduce through high-level analysis.]
Source: Adapted from ISACA, Getting Started With Risk Management, USA, 2018, fig. 2, https://www.isaca.org/bookstore/bookstore-wht_papers-digital/whpgsr
International Headquarters
1700 E. Golf Road | Suite 400 | Schaumburg, IL 60173 | USA
isaca.org
[Figure 7.1: Components of I&T Risk Communication. Figure content not preserved in this extraction.]
[Figure (caption not preserved in this extraction): Risk Response Selection. Inputs from Risk Analysis: Estimate of Frequency and Impact; Risk Tolerance. Parameters for Risk Response Selection: Risk Exceeding Risk-tolerance Level; Cost of Response to Reduce Risk within Tolerance Levels. Selection criteria: Magnitude of Risk; Capability to Implement Response; Effectiveness of Risk Response Options; Efficiency of Response. Step "Select Risk Response Options" with four options: 1 Avoid; 2 Reduce/Mitigate; 3 Share/Transfer; 4 Accept. Outputs: Prioritized Risk Responses; Defer; Business Case; Risk Response.]