Managed Risk
Continually identify, assess and reduce I&T-related risk within tolerance levels set by enterprise executive management.
Purpose
Integrate the management of I&T-related enterprise risk with overall enterprise risk management (ERM) and balance the costs and benefits of managing I&T-related enterprise risk.
Management practices
APO12.01 Collect data.
Identify and collect relevant data to enable effective I&T-related risk identification, analysis and reporting.
APO12.02 Analyze risk.
Develop a substantiated view on actual I&T risk, in support of risk decisions.
APO12.03 Maintain a risk profile.
Maintain an inventory of known risk and risk attributes, including expected frequency, potential impact and responses. Document related resources, capabilities and current control activities related to risk items.
APO12.04 Articulate risk.
Communicate information on the current state of I&T-related exposures and opportunities in a timely manner to all required stakeholders for appropriate response.
APO12.05 Define a risk management action portfolio.
Manage opportunities to reduce risk to an acceptable level as a portfolio.
APO12.06 Respond to risk.
Respond in a timely manner to materialized risk events with effective measures to limit the magnitude of loss.
Skills
Business risk management BURM
The planning and implementation of organisation-wide processes and procedures for the management of risk to the success or integrity of the business, especially those arising from the use of information technology, reduction or non-availability of energy supply or inappropriate disposal of materials, hardware or data.
Information assurance INAS
The protection of integrity, availability, authenticity, non-repudiation and confidentiality of information and data in storage and in transit. The management of risk in a pragmatic and cost-effective manner to ensure stakeholder confidence.