The Risk IT Practitioner Guide

  • 2h 4m
  • 2009

Risk IT is a set of proven, real-world practices that helps enterprises achieve their goals, seize opportunities and seek greater return with less risk. It works at the intersection of business and IT and allows enterprises to manage—and even capitalize on—risk in the pursuit of their objectives. It extends COBIT, the globally recognized IT governance framework, and saves time, cost and effort by providing enterprises with a way to focus effectively on IT-related business risk areas, including risks related to late project delivery, compliance, misalignment, obsolete IT architecture and IT service delivery problems.

The Risk IT Practitioner Guide, a support document for the Risk IT framework, provides examples of possible techniques to address IT-related risk issues, and more detailed guidance on how to approach the concepts covered in the process model.

Concepts and techniques explored in more detail include:

  • Building enterprise-specific scenarios, based on a set of generic IT risk scenarios
  • Building a risk map, using techniques to describe the impact and frequency of scenarios
  • Building impact criteria with business relevance
  • Defining key risk indicators (KRIs)
  • Using COBIT and Val IT to mitigate risk; the link between risk and COBIT control objectives and Val IT key management practices

In this Book

  • Introduction to the Practitioner Guide
  • Defining a Risk Universe and Scoping Risk Management
  • Risk Appetite and Risk Tolerance
  • Risk Awareness, Communication and Reporting
  • Expressing and Describing Risk
  • Risk Scenarios
  • Risk Response and Prioritisation
  • A Risk Analysis Workflow
  • Mitigation of IT Risk Using COBIT and Val IT
  • Other ISACA Publications

