IT Governance metrics > Risk management
Risk management identifies the risks to be mitigated through the implementation of controls. The focus is on determining which control objectives are to receive priority and which may be ignored. It also leads to balancing the cost of a control against the risk it mitigates. Typically it commences with the valuation of assets and an assessment of the entity's vulnerability to known threats.
A risk assessment approach is, by its nature, subjective. To achieve the desired IT goals and objectives, the status of controls is constantly and consistently reviewed. The CobiT Audit Guidelines outline the approach and suggest actual activities to be performed corresponding to each of the 34 high-level IT control objectives for the 34 IT processes. One important task is to substantiate the risk of control objectives not being met. The CobiT Audit Guidelines are an invaluable tool for information systems auditors in providing management with assurance and/or advice for improvement.