Managed Risk
The identification, assessment and continuous mitigation of risks related to I&T are essential to maintain the tolerance levels established by the company's executive management.
objective
-
Integration with Enterprise Risk Management (ERM):
Align I&T-related risk management with the organization's overall risk management strategy. -
Balance between Costs and Benefits:
Ensure that investments in risk mitigation are proportional to the benefits obtained.
Management Practices
APO12.01 – Collect Data
-
Identify and collect relevant information to enable effective identification, analysis and reporting on I&T-related risks.
APO12.02 – Analyze Risk
-
Develop a well-founded view of real I&T risks, assisting in strategic and operational decision-making.
APO12.03 – Maintain a Risk Profile
-
Create and maintain an inventory of known risks, documenting attributes such as expected frequency, potential impact, and response actions.
-
Record the resources, capabilities and control activities associated with the identified risks.
APO12.04 – Articulated Risk
-
Communicate R&T-related exposures and opportunities clearly and in a timely manner to relevant stakeholders, enabling appropriate responses.
APO12.05 – Define a Risk Management Action Portfolio
-
Manage a set of actions to reduce risks to acceptable levels, treating them as part of a mitigation portfolio.
APO12.06 – Responding to Risk
-
Implement effective measures to respond quickly to materialized risk events, minimizing impacts and losses.
Skills
Enterprise Risk Management (BURM)
-
Development and implementation of organizational processes to manage risks that may compromise the success or integrity of the business.
-
Special consideration for risks arising from the use of technology, power failures or improper disposal of materials, hardware or data.
Information Assurance (INAS)
-
Protection of the integrity, availability, authenticity, non-repudiation and confidentiality of data stored and in transit.
-
Managing risks in a pragmatic and cost-effective manner to ensure stakeholder confidence.
Translated by 4MATT Tecnologia from the original Risk Management-APO12 (COBIT2019)
Tags: ServiceNow, Snow Software, Software Asset Management, Software Asset Management, SAM, FINOps, ITAM, ITSM, Flexera, Cloud Management governance framework, design factors, contact us, governance structures, it governance, online course , design guide, governance objective, cobit certification, corporate governance, it business, leave a comment, cobit exam, it management, information governance, free materials, isaca launched, cobit framework, cobit benefits, decision making, developed by isaca, certificate programs, designed to evolve, best practices, capacity levels, microsoft power, information management, control objectives, social networks, foundation bridge, brazilian companies, IT professionals, governance components, organizational structures, certification exams, business processes, performance management, governance certification, implementing nist using cobit, it market, power bi, g IT experts, design and implementation, governance framework, implementation guides, design factors, cobit implementation, best practices, implementation guide, effective governance, digital transformation, project management, governance strategy, cybersecurity, business objectives , cobit certification, cascade of goals, information technology