Enterprise Information Technology Risk Assessment Form

The form is derived from the ISACA toolkit on IT Risk Management.

Entity/Business Unit/Department/Division Name

Entity strategic role and objectives

Assessment date

Assessor(s) name

Assessor(s) job title

Assessor(s) Entity/Business Unit/Department/Division

Assessor(s) email, phone # and location

Version

Major business processes

IT infrastructure and applications supporting major business process

Important dependencies

Risk Factor (Reference) Assessment Rating Comment

External Environment

Market

Rate of change

Industry/competition

Geographical situation

Political condition

Regulatory environment

Technology status and evolution

Vendor Management

Internal Environment

Strategic importance of IT for the entity

Operational importance of IT for the entity

Complexity of IT (human resource, software, systems)

Complexity of organisation

Degree of change

Change management capability

Risk management philosophy and values

Risk appetite of the entity

Operating model

Risk Management Capability (Risk IT)

Risk Governance (RG)

Risk Evaluation (RE)

Risk Response (RR)

IT Management Capability (COBIT 5)

Plan and Organise (PO)

Acquire and Implement (AI)

Deliver and Support (DS)

Monitor and Evaluate (ME)

Value Management Capacity (ValIT)

Value Governance (VG)

Programme Management (PM)

Investment Management (IM)

Top Five Risk Factors

Top Five IT Risk Scenarios

Approval Name: Signature:

Approval Job Title:

Approval Entity:

Approval Date:

Medium

Entity is dependent on IT and/or some IT risks are not well controlled

High

Entity is very dependent on IT and/or significant IT risk management deficiencies exist

Part III—Conclusion

Part IV—Assessment Approval

I am satisfied that the risks are not significant and/or adequately controlled and that the resources required will be provided

Enterprise IT Risk Assessment Form

Part II—Risk Factor Assessment

Part I—Description

Overall high-level IT risk rating (based on results of the assessment of all risk factors below)

Low

Entity is marginally dependent on IT and/or IT risk is well controlled