goutama-bachtiar
The form is derived from ISACA toolkit on IT Risk Management.
Entity/Business Unit/Department/Division Name
Entity strategic role and objectives
Assessment date
Assessor(s) name
Assessor(s) job title
Assessor(s) Entity/Business Unit/Department/Division
Assessor(s) email, phone # and location
Version
Major business processes
IT infrastructure and applications supporting major business process
Important dependencies
Risk Factor (Reference) Assessment Rating Comment
External Environment
Market
Rate of change
Industry/competition
Geographical situation
Political condition
Regulatory environment
Technology status and evolution
Vendor Management
Internal Environment
Strategic importance of IT for the entity
Operational importance of IT for the entity
Complexity of IT (human resource, software, systems)
Complexity of organisation
Degree of change
Change management capability
Risk management philosophy and values
Risk appetite of the entity
Operating model
Risk Management Capability (Risk IT)
Risk Governance (RG)
Risk Evaluation (RE)
Risk Response (RR)
IT Management Capability (COBIT 5)
Plan and Organise (PO)
Acquire and Implement (AI)
Deliver and Support (DS)
Monitor and Evaluate (ME)
Value Management Capacity (ValIT)
Value Governance (VG)
Programme Management (PM)
Investment Management (IM)
Top Five Risk Factors
Top Five IT Risk Scenarios
Approval Name: Signature:
Approval Job Title:
Approval Entity:
Approval Date:
Medium: Entity is dependent on IT and/or some IT risks are not well controlled
High: Entity is very dependent on IT and/or significant IT risk management deficiencies exist
Part III—Conclusion
Part IV—Assessment Approval
I am satisfied that the risks are not significant and/or adequately controlled and that the resources required will be provided
Enterprise IT Risk Assessment Form
Part II—Risk Factor Assessment
Part I—Description
Overall high-level IT risk rating (based on results of the assessment of all risk factors below)
Low: Entity is marginally dependent on IT and/or IT risk is well controlled