Enhancing IT Risk Management: An Exposure Draft
The “Enterprise Risk: Identify, Govern and Manage IT Risk, The Risk Framework Exposure Draft” is part of the IT Governance Institute’s Risk IT initiative, which is dedicated to helping enterprises manage IT-related risk. A group of IT practitioners and experts came together to create the Risk IT Framework. As part of the IT Governance Institute’s Risk IT initiative, research activities, guidance, case studies and auxiliary services will be available to support the core Risk IT framework. This framework complements the existing and widely used COBIT framework by providing risk management with ways to identify, govern and manage IT risk. This document differs from other existing guidance because, instead of focusing on one particular area of IT security, it covers all areas of IT risk.
The exposure draft not only complements COBIT but also fills some of the perceived gaps in the COSO ERM – Integrated Framework, and it is beneficial to a wide range of professionals, from boards of directors to rating agencies. The Risk IT Framework provides its users with many benefits and expected outcomes, along with many examples and figures that help readers understand how to apply the framework properly. These examples and figures also show areas where management can be more effective and efficient when managing IT risk. The document also lays out who is responsible and accountable for IT risk, the importance of awareness and communication of IT risk, the benefits of being aware of IT risk, how to respond properly to IT risk, the Risk IT process model and the Risk IT framework, along with a host of other important IT risk areas.
It is important for organizations to realize that IT risk always exists, whether or not an organization detects or recognizes it. However, even though IT risk is always present, there are many safeguards management can put in place and many practices management can undertake to help mitigate many of the risks created by using IT. This document helps management identify which areas of its organization are more vulnerable to IT risk and which processes it can perform to monitor those areas. The exposure draft also provides steps for performing an enterprise-wide risk assessment that can detect IT risk vulnerabilities. This document is very useful to management and can show it how to enhance IT risk management throughout the organization.
Citation: “The Risk IT Framework” ISACA. Feb. 1, 2009.