Complete View
Models
Integration of IT Risk Assessment-Risk Management into business governance
1. Corporate Governance Frameworks
Data - general
Design
Design of business processes
Develop project plans
Evaluate Framework implementation scenarios
Execute projects
Perform Governance Framework gap analysis
Perform internal/external audit
Test Governance Framework environment
Design of IT services
Design IT service
Development of IT services
Develop IT service
Execution
Disclose required information
Manage changes in environment
Monitor changes in Governance Frameworks
Requirements
Basel II
Requirements - Basel II
MIFID
Requirements MIFID - DIRECTIVE 2004/39/EC
Requirements MIFID - DIRECTIVE 2006/73/EC
Requirements MIFID - REGULATION (EC) No 1287/2006
SOX
Requirements SOX
Roles - general
2. ICS
Design
ICS main processes
Analyse internal environment ICS ERM
Assess risks ICS ERM
Define risk response ICS ERM
Establish control activities ICS ERM
Information & communication ICS ERM
Set objective ICS ERM
ICS subprocesses
Assess and evaluate IT risks ICS
Assess IT environment ICS
Define business controls ICS
Define IT controls ICS
Document procedures and processes ICS ERM
Evaluate possible risk responses ICS ERM
Design Internal Control System
Execution
ICS main processes
Collect event details ICS
Develop reports
Information & communication ICS ERM
Monitor business operations ICS ERM
Monitor IT operations ICS
Execute Internal Control System
Internal Control System
3. ERM
ERM process
ERM main processes
Analyse internal environment ICS ERM
Assess risks ICS ERM
Define risk response ICS ERM
Establish control activities ICS ERM
Identify events ERM
Information & communication ICS ERM
Set objective ICS ERM
ERM subprocesses
Document procedures and processes ICS ERM
Evaluate possible risk responses ICS ERM
Enterprise Risk Management overview
4. RM/RA Framework
Data model
RM Exchange Data
Risk Management
Risk Management processes CGF
IT Definition of Scope and Framework - CGF
IT Monitor and Review - CGF
IT Risk Acceptance - CGF
IT Risk Assessment - CGF
IT Risk Communication - CGF
IT Risk Treatment - CGF
Risk Management processes ERM
IT Definition of Scope and Framework - ERM
IT Monitor and Review - ERM
IT Risk Acceptance - ERM
IT Risk Assessment - ERM
IT Risk Communication - ERM
IT Risk Treatment - ERM
Risk Management processes ICS
IT Definition of Scope and Framework - ICS
IT Monitor and Review - ICS
IT Risk Acceptance - ICS
IT Risk Assessment - ICS
IT Risk Communication - ICS
IT Risk Treatment - ICS
IT Definition of Scope and Framework
IT Monitor and Review
IT Risk Acceptance
IT Risk Assessment
IT Risk Communication
IT Risk Treatment
Operational Processes
Role model
IT RM Roles
Governance Framework implementation
IT RM process overview