Global IT governance organisation ISACA has launched a best practice framework to provide the missing link between enterprise risk and IT risk management.
Risk IT builds on the existing COBIT framework and is aimed at helping firms identify and manage IT-related business risks, such as late project delivery, an outdated IT infrastructure or a lack of relevant skills. Mismanagement of these risks could potentially cost firms millions in lost revenues and opportunities.
ISACA identified there was a gap in the market for information on IT risk management, although many firms have established their own internal processes. Risk IT will enable these companies to compare their internal risk management practices with the ISACA template, as well as provide a best practice blueprint for those organisations with no plans in place.
“The framework will help you find out what risks you have in your company and what you can do to mitigate them,” said Urs Fischer, Risk IT chairman and developer.
Steven Babb, a senior manager in KPMG’s advisory services and fellow developer of Risk IT, said that without a comprehensive view of risk across the IT business, there was a risk the board could make decisions based on incomplete or incorrect information. The guide offers practical information on how to implement changes.
“It’s telling you how to implement a process and identify the risks – but not only identify but also respond,” said Babb.
Risk IT is available as a free download from ISACA.