Risk management framework to complement COBIT

The industry association behind a popular management framework for IT governance is working on an update that addresses potential technology-related risks in the enterprise.

Scheduled for completion later this year, the risk management framework will be offered free of charge through the Rolling Meadows, Ill.-based IT Governance Institute (ITGI). The documents explaining the framework will include a glossary of risk-related terms and a “risk register” that defines dangers to the enterprise according to IT activities and process levels. The framework will then outline consequences and best practices for each risk on the register.

ITGI is best known for developing Control Objectives for Information and related technology, also known as COBIT which was last updated in 2005. COBIT offers guidance and best practices to manage 34 different processes, including planning, acquisition, delivery and monitoring. The first edition was published in 1994. More recently, ITGI has published a framework called Val IT, which focuses on ways for technology professionals to achieve greater return on investment or value from their IT investments.

Urs Fisher, head of IT and risk management at SwissLife Group, is leading a steering committee that is developing the framework. While COBIT does contain some discussion of risk management, he said ITGI realized that it needed to provide more depth and guidance as technology professionals struggle with issues around compliance with regulations such as Basel II.That said, those who are already in the process of adopting COBIT should not see the risk management framework as another big project to take on.

“It’s more of an add-on (to COBIT) than a new one,” he said, adding that the risk register is only one element of a more comprehensive education about risk. “It’s not a checklist. It’s more about the way you should do risk management.”

Fischer said the framework will revolve around identification, assessment and mitigation of risk. It will not be tied to particular vendor’s products or common technology platforms. The task force will include experts from Carnegie-Mellon University in the United States as well as those from Australia and other countries. The process kicked off in January and a first draft has already been written, he said.

“Now we’re at the point where we have to discuss how to go on, look at where we are satisfied, where we want to have something different,” he said.

Earlier this year ITGI published the results of a survey by PricewaterhouseCoopers which tried to gauge the awareness and adoption of its frameworks. The survey showed awareness of COBIT and Val IT has doubled since the study was done in 2005, but there was also a 23 per cent jump in the number who cited insufficient staff to manage IT effectively. Fariba Anderson, a former CIO who now works as a consultant with Toronto-based Manta Group, said these kinds of frameworks need to be more deeply integrated into the kind of postsecondary education provided to future IT professionals.

“Governance in some respects is common sense. It’s just not commonly applied,” she said. “Governance is doing the right things the right way, and doing them well.”

Fischer said the risk management framework would not merely address issues of concern to CIOs but to middle management IT as well. Besides COBIT, ITGI said the framework could also be mapped to the Committee of Sponsoring Organizations of the Treadway Commission (COSO) standard.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Shane Schick
Shane Schickhttp://shaneschick.com
Your guide to the ongoing story of how technology is changing the world

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now