Risk assessment

The CobiT Management Guideline includes a matrix of "Management's IT Concerns". This document is based on a Gartner research initiative. It highlights the technology concerns and the IT processes most likely to be affected.

The document "Management's IT Concerns" is useful in that it can serve as the basis for initiating a program for better IT Governance. It enables management to prioritise the technologies and the IT processes that should receive attention first. This document summarises the Technology Concerns identified by Gartner across the horizontal axis and matches these to the corresponding 34 IT processes on the vertical axis.

CobiT also addresses risk as part the review of control objectives for the 34 IT processes. Here risk is considered at a IT process level, and specifically the nature of the risk should a control objective not be established our sustained.