
IT Governance & Risk Management



Presentation Transcript


  1. IT Governance & Risk Management: A paradigm of the relationship between Information Risk Management and IT Governance. Graham Blain, Partner, KPMG Information Risk Management

  2. Presentation Road Map: 1st IT Governance vs Risk Management? 2nd Risk Management & Process Maturity. 3rd Roles of Audit and Management.

  3. 1st: IT Governance vs Risk Management? IT Governance and Information Risk Management are synonymous… from a certain point of view!
  • Risk is “the chance of something happening that will have an impact on objectives” (AS/NZS 4360)
  • Risk management is “the culture, processes and structure which come together to optimise the management of potential opportunities and adverse threats” (AS/NZS 4360)
  • IT Governance is “a management framework which ensures the delivery of expected benefits of IT in a controlled manner” (Poole V)

  4. Risk Management can be practically applied as a comprehensive Governance approach…
  • Risks should be stated in terms of organisational objectives
  • Treatment of risks should comprise a combination of structure, processes, projects and specific actions
  • In the long term, appropriate structure and process maturity should be the goal

  5. 2nd: Risk Management and Process Maturity. A suggested distinction between inherent and residual risk…
  • Inherent Risk is the chance of something happening that will have an impact on objectives in the absence of structure and processes to optimise opportunities and threats
  • Residual Risk is the chance of something happening that will have an impact on objectives despite the structure and processes that are in place to optimise opportunities and threats

  6. There is a relationship between inherent risk, process maturity and residual risk

  7. The Seven Inherent Risks

  8. The relationships between inherent risk and targeted process maturity

  9. 3rd: Roles of Audit and Management. The focus of IT Management, Risk Management, Internal and External Audit in IT Governance. (Diagram labels: Risk Management, IT Management, Internal Audit; External Audit reviews Internal Audit’s work.)

  10. Conclusions
  • Information Risk Management and IT Governance can be considered synonymous, depending on your point of view and approach
  • Process maturity improvement programmes can (and should?) be driven from a risk management based approach
  • The focus of the relevant parties should be as follows:
    • IT Management on High Residual Risks
    • Internal Audit on Mature Processes
    • Risk Management on the Risk Management Process
    • External Audit on Internal Audit’s work

  11. A car has brakes to allow it to go faster…

  12. IT Governance (Information Risk Management). Graham Blain, Partner, KPMG Information Risk Management, 85 Empire Road, Parktown, (011) 647 7853, graham.blain@kpmg.co.za
