COBIT 5 FOR IT RISK MANAGEMENT
Prof. dr. Wim Van Grembergen
University of Antwerp (UA)
IT Alignment and Governance (ITAG) Research Institute
AGENDA
- COBIT 5 overview
- IT risk defined
- Risk function perspective
- Risk management perspective
- Risk scenarios
COBIT 5 overview
Enterprise Governance of IT
Enterprise governance of IT (EGIT) is an integral part of enterprise governance exercised by the Board overseeing the definition and implementation of processes, structures and relational mechanisms in the organisation enabling both business and IT people to execute their responsibilities in support of business/IT alignment and the creation of business value from IT-enabled business investments.
(Van Grembergen & De Haes, 2009 and 2015)
COBIT and VALIT as frameworks for Enterprise Governance of IT
Enterprise Governance of IT
- COBIT: focus on IT processes
- Val IT: focus on IT-related business processes
COBIT evolution (evolution of scope)
- COBIT1 (1996): Audit
- COBIT2 (1998): Control
- COBIT3 (2000): Management
- COBIT4.0/4.1 (2005/7): IT Governance
- COBIT 5 (2012): Governance of Enterprise IT
- Val IT 2.0 (2008)
- Risk IT (2009)
COBIT 5
COBIT 5 brings together the five principles that allow the enterprise to build an effective governance and management framework based on a holistic set of seven enablers that optimises information and technology investment and use for the benefit of stakeholders.
1. Meeting stakeholder needs
Stakeholder needs have to be transformed into an enterprise’s actionable strategy.
The COBIT 5 goals cascade translates stakeholder needs into specific, actionable and customised goals within the context of the enterprise, IT-related goals and enabler goals.
2. Covering the Enterprise End-to-end
3. Applying a Single Integrated Framework
COBIT 5 aligns with the latest relevant other standards and frameworks used by enterprises:
Enterprise: COSO, COSO ERM, ISO/IEC 9000, ISO/IEC 31000
IT-related: ISO/IEC 38500, ITIL, ISO/IEC 27000 series, TOGAF, PMBOK/PRINCE2, CMMI
Etc.
This allows the enterprise to use COBIT 5 as the overarching governance and management framework integrator.
ISACA plans a capability to facilitate COBIT user mapping of practices and activities to third-party references.
4. Enabling a Holistic Approach
Principle 4: Enabling a holistic approach (continued)
• EGIT research (Van Grembergen and De Haes) shows that organizations can deploy EGIT by using a mixture of various structures, processes, and relational mechanisms
• COBIT 5 builds on these insights and incorporates the “enablers” in its framework
IT GOVERNANCE MODEL (Van Grembergen – De Haes)
5. Separating Governance From Management
Governance of Enterprise IT: 5 governance processes
Management of Enterprise IT:
- Align, plan & organize processes
- Build, acquire & implement processes
- Deliver, service & support processes
- Monitor, evaluate & assess processes
Governance in COBIT 5
Source: COBIT® 5, figure 16. © 2012 ISACA® All rights reserved.
IT RISK DEFINED
Definition of risk
Risk can be defined as the combination of the probability of an event and its consequences, such that enterprise objectives are not met.
COBIT 5 defines IT risk as business risk, specifically the business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise.
IT risk consists of IT-related events that potentially impact the business, creating challenges in meeting strategic goals and objectives.
IT risk categories
Benefits Risk
• Non-alignment with commercial policies or strategy
• Non-alignment with technical standards, architecture, etc.
• Compliance with security guidelines/policy
• Clarity and credibility of desired business outcomes
• Measurability of outcomes (lead and lag indicators)
• Benefits monitoring processes
• Sensitivity of outcomes to timing or external dependencies, including changes in the economy, market conditions or a specific industry sector
• Extent of organisational change required (depth and breadth)
• Clarity of the scope of organisational change required
• Quality of the change management plan
• Preparedness and capability of business to handle the change
• Level of business organisational understanding of and commitment to the programme
• Quality and availability of business sponsorship
• Senior business department staff engagement
• ‘Big bang’ programme or ‘do-able chunks’
Delivery Risk
• Quality of the programme and project plans (completeness and reasonability)
• Clarity of scope and deliverables
• Unproven technology
• Compliance with technology architecture and standards
• Project duration
• Size of the project in relation to earlier successful projects
• Level of interface required to existing systems and processes
• Senior business department staff involvement
• Key staff availability during project deployment
• Experience/quality of project managers
• Experience/quality of project teams
• Reliance on vendors
• Dependency on factors outside control of project teams
• Quality of risk control mechanisms
• Ability to provide ongoing operational support
TWO PERSPECTIVES ON RISK
RISK MANAGEMENT PERSPECTIVE
ENABLER RISK FUNCTION: PRINCIPLES, POLICIES & FRAMEWORKS
ENABLER RISK FUNCTION: PROCESSES
ENABLER RISK FUNCTION: ORGANISATIONAL STRUCTURES
ENABLER RISK FUNCTION: CULTURE, ETHICS & BEHAVIOUR
ENABLER RISK FUNCTION: INFORMATION
ENABLER RISK FUNCTION: SERVICES, INFRASTRUCTURES & APPLICATIONS
ENABLER RISK FUNCTION: PEOPLE, SKILLS & COMPETENCIES
RISK MANAGEMENT PERSPECTIVE
Risk Management in COBIT 5
Source: COBIT® 5, figure 16. © 2012 ISACA® All rights reserved.
RISK GOVERNANCE & MANAGEMENT PROCESS
• All enterprise activities have associated risk exposures resulting from environmental threats that exploit enabler vulnerabilities
• EDM03 Ensure risk optimisation ensures that the enterprise stakeholders' approach to risk is articulated, to direct how risks facing the enterprise will be treated.
• APO12 Manage risk provides the enterprise risk management (ERM) arrangements that ensure that the stakeholder direction is followed by the enterprise.
• All other processes include practices and activities that are designed to treat related risk (avoid, reduce/mitigate/control, share/transfer/accept).
Scoring of investment dossiers

Scores per dossier (1 to 5) on value categories and risks; the source colour-codes cells as yellow, green or red and groups the score columns into value categories and risks. Some rows are incomplete in the source; their values are listed in source order, with the remaining cells left empty.

| ATS | Trekk. | Pnr | Dossier name | Return | Alignment with strategy | Competitive advantage and necessity | Necessity | Management support | Information architecture | Reduction of operational risks | Project & organisational risk | Functional uncertainty | Technical uncertainty |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| **Ongoing dossiers in 2004** | | | | | | | | | | | | | |
| RET | MKT | 0020 | Interest and liquidity risk (ALM_TDI) | 1 | 5 | 4 | 5 | 5 | 5 | 5 | 2 | 5 | 5 |
| OND | OND | 0021 | Quantitative Credit Risk Management (QCR) | 4 | 5 | 5 | 5 | 5 | 5 | 1 | 4 | 5 | 5 |
| RET | RET | 0119 | KBD: multichannel credit application for retail customers | 4 | 5 | 4 | 3 | 3 | 5 | 5 | 2 | 1 | 1 |
| RET | RET | 0202 | KIT | 4 | 5 | 4 | 4 | 3 | 3 | 5 | 3 | 1 | 3 |
| RET | RET | 0232 | Oleander (total solution Life for Enterprises) | 1 | 5 | 5 | 1 | 3 | 5 | 3 | 3 | 1 | 2 |
| NAV | NAV | 0245 | Collateral Management Phase 2 | 5 | 3 | 3 | 1 | 3 | 5 | 5 | 3 | 3 | 4 |
| BED | BED | 0292 | Bank-wide web-enabling of ICM applications | 4 | 5 | 5 | 1 | 3 | 1 | 1 | 4 | 1 | 3 |
| NAV | NAV | 0397 | IPE / EBOBA | 1 | 5 | 4 | 1 | 3 | 5 | 3 | 4 | 5 | 4 |
| NAV | NAV | 0399 | Processing of OTC derivatives | 4 | 5 | 4 | 4 | 3 | 5 | 4 | 1 | | |
| RET | RET | 0403 | VA Front-end Life | | | | | | | | | | |
| RET | RET | 0406 | Product factory Non-life insurance | 2 | 5 | 4 | 1 | 1 | 5 | 3 | 4 | 1 | 3 |
| OND | OND | 0442 | Operational risk management | 5 | 5 | 5 | 5 | 5 | 3 | 5 | 3 | 3 | 3 |
| RET | RET | 0449 | Rework of client output | 5 | 5 | 4 | 5 | 1 | 5 | 5 | 3 | 5 | 2 |
| OND | OND | 0456 | IAS Insurance | 4 | 5 | 4 | 5 | 5 | 3 | 3 | 4 | 5 | 3 |
| OND | OND | 0479 | Limiting volatility under IAS | 1 | 5 | 3 | 5 | 5 | 3 | 1 | 4 | 5 | 2 |
| OND | OND | 0501 | ERP for support services B+V | | | | | | | | | | |
| RET | RET | 0518 | OFS (Development of Financial Services) | 4 | 5 | 4 | 1 | 3 | 5 | 5 | 3 | 1 | 3 |
| **New** | | | | | | | | | | | | | |
| RET | RET | 0308 | Centea migration | 1 | 5 | 3 | 1 | 5 | 5 | 3 | 3 | 1 | 3 |
| OND | OND | 0480 | Reconciliation tool | 1 | 5 | 1 | 3 | 3 | 5 | 1 | 3 | 3 | |
| RET | RET | 0884 | Pleander preliminary study "Retail life differently" | 1 | 5 | 5 | 2 | 3 | 5 | 3 | 2 | 5 | 2 |
| OND | OND | 0887 | European savings taxation | 1 | 5 | 4 | 3 | 3 | 5 | 4 | 5 | 1 | |
| OND | OND | 0899 | ERP - Phase 2 | 1 | 5 | 5 | 5 | 5 | 3 | 5 | 4 | 5 | 3 |
RISK SCENARIOS
111 risk scenarios
RISK MITIGATION
It is possible to identify, for any given risk scenario that would exceed risk appetite, a set of COBIT 5 enablers that mitigate the risk scenario.
COBIT 5 enablers:
• Process enablers
• Organisational structures enablers
• Culture, ethics and behaviour enablers
• Information enablers
• Services, infrastructures and applications enablers
• People, skills and competencies enablers
RISK MITIGATION PROCESS ENABLERS
RISK MITIGATION STRUCTURE ENABLERS
RISK MITIGATION CULTURE, INFORMATION, SERVICES, PEOPLE ENABLERS
The knowing-doing gap
• While organisations do recognise the importance of IT risk governance/management, they are still struggling with getting governance practices implemented and embedded into their organisations (‘knowing-doing gap’)
• Need for an organizational system, i.e. “the way a firm gets its people to work together to carry out the business”. (De Wit and Meyer, 2005).