IT Governance

IT Governance & Risk Management PowerPoint PPT Presentation



IT Governance & Risk Management: a paradigm of the relationship between Information Risk Management and IT Governance. Graham Blain, Partner, KPMG Information Risk Management. Road map: 1st, IT Governance vs Risk Management?; 2nd, Risk Management & Process Maturity; 3rd, Roles of Audit and Management.


Presentation Transcript


IT Governance & Risk Management

A paradigm of the relationship between Information Risk Management and IT Governance

Graham Blain

Partner, KPMG Information Risk Management


Presentation Road Map

  • 1st: IT Governance vs Risk Management?

  • 2nd: Risk Management & Process Maturity

  • 3rd: Roles of Audit and Management


1st: IT Governance vs Risk Management?

IT Governance and Information Risk Management are synonymous… from a certain point of view!

  • Risk is “the chance of something happening that will have an impact on objectives” (AS/NZS 4360)

  • Risk management is “the culture, processes and structure which come together to optimise the management of potential opportunities and adverse threats” (AS/NZS 4360)

  • IT Governance is “A management framework which ensures the delivery of expected benefits of IT in a controlled manner” (Poole V)


Risk Management can be practically applied as a comprehensive Governance approach…

  • Risks should be stated in terms of organisational objectives

  • Treatment of risks should comprise a combination of structure, processes, projects and specific actions

  • In the long term, appropriate structure and process maturity should be the goal


2nd: Risk Management and Process Maturity

A suggested distinction between inherent and residual risk…

  • Inherent Risk is the chance of something happening that will have an impact on objectives in the absence of structure and processes to optimise opportunities and threats

  • Residual Risk is the chance of something happening that will have an impact on objectives despite the structure and processes that are in place to optimise opportunities and threats


There is a relationship between inherent risk, process maturity and residual risk


The Seven Inherent Risks


The relationships between inherent risk and targeted process maturity


3rd: Roles of Audit and Management

The focus of IT Management, Risk Management, Internal and External audit in IT Governance

External Audit reviews Internal Audit’s work

Risk Management

IT Management

Internal Audit


Conclusions

  • Information Risk Management and IT Governance can be considered synonymous, depending on your point of view and approach

  • Process maturity improvement programmes can (and should?) be driven from a risk management based approach

  • Focus of relevant parties should be as follows:

    • IT Management on High Residual Risks

    • Internal Audit on Mature Processes

    • Risk Management on the Risk Management Process

    • External Audit on Internal Audit’s work


A car has brakes to allow it to go faster…


IT Governance (Information Risk Management)

Graham Blain

Partner

KPMG Information Risk Management

85 Empire Road, Parktown

(011) 647 7853

[email protected]

