The document discusses IT governance and risk management. It defines governance and risk management, and explains that governance deals with connecting business focus to IT management, while risk management involves identifying, assessing, and prioritizing risks. It also classifies different types of IT risks, discusses how IT risk fits into enterprise risk management, and outlines the IT governance process and methods for evaluating, defining scenarios for, setting tolerance for, and controlling IT risks.
Roles and Responsibilities of Board Members in IT Risk Assessment
Info sec 2011 julen c mohanty
1. Bangalore IT Governance & Risk Management Julen C. Mohanty Citicorp Services India Ltd 17th June 2011, The Oberoi, Bangalore
2. DISCLAIMERS Any views or opinions showcased in this presentation are solely those of the author and may not necessarily represent those of Citigroup. This document is meant for the use of ITNEXT or its affiliated members. It has to be used within ITNEXT or its affiliated members and is not to be forwarded to anyone outside ITNEXT or its affiliated members.
4. What is Risk Management
5. Classification of IT Risk
6. IT Risk in ERM
7. IT Governance Process
8. IT Risk Evaluation
9. IT Risk Scenarios
10. IT Risk Tolerance
11. How to Act on Risk
14. Risk is inherent to all enterprises. Enterprises need to ensure that opportunities for value creation are not missed by trying to eliminate all risk.
69. How to Act on Risk: PLAN (What, When, How); DO (Identify & Analyze); Monitor & Reporting (Watchful); CHECK & ACT (Mitigate & Control). Continuous & Interlocked Process. Definitely not Separate events
70. IT Risk Controls: Business Objectives Align With ERM Control IT Risk Management Balance Cost/Benefit of IT Risk Accountability Top Management Commitment Communication Function as part of Daily Activities