Risk IT provides an end-to-end, comprehensive view of all risks related to the use of IT and a similarly thorough treatment of risk management, from the tone and culture at the top to operational issues. Risk IT was published in 2009 by ISACA (ISACA, The Risk IT Framework; registration required). It is the result of a work group composed of industry experts and some academics from different nations, coming from organizations such as Ernst & Young, IBM, PricewaterhouseCoopers, Risk Management Insight, Swiss Life, and KPMG.

== Definition ==

IT risk is a part of business risk, specifically the business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise. It consists of IT-related events that could potentially impact the business. It can occur with both uncertain frequency and magnitude, and it creates challenges in meeting strategic goals and objectives.

Management of business risk is an essential component of the responsible administration of any organization. Due to IT's importance to the overall business, IT risk should be treated like other key business risks.

The Risk IT framework explains IT risk and enables users to:
* Integrate the management of IT risk with the overall ERM
* Compare assessed IT risk with the risk appetite and risk tolerance of the organization
* Understand how to manage the risk

IT risk is to be managed by all the key business leaders inside the organization: it is not just a technical issue of the IT department.

IT risk can be categorised in different ways:
;IT Benefit/Value enabler
:risks related to missed opportunities to increase business value through IT-enabled or improved processes
;IT Programme/Project delivery
:risks related to the management of IT-related projects intended to enable or improve business, i.e. the risk of going over budget or of late delivery (or no delivery at all) of these projects
;IT Operation and Service Delivery
:risks associated with the day-to-day operations and service delivery of IT that can bring issues and inefficiency to the business operations of an organization

The Risk IT framework is based on the principles of enterprise risk management standards/frameworks such as the Committee of Sponsoring Organizations of the Treadway Commission ERM and ISO 31000. In this way, IT risk could be understood by upper management.

Excerpt source: Wikipedia, the free encyclopedia.