Risk Management using COBIT

Beyond the two COBIT 5 processes that deal specifically with risk, EDM03 Ensure Risk Optimisation and APO12 Manage Risk, ISACA publishes a dedicated guide, COBIT 5 for Risk, which approaches risk from two perspectives: the risk function and the risk management process.

The risk function perspective describes how the COBIT 5 enablers can be used to implement effective and efficient risk governance and management. The COBIT 5 for Risk guide also contains a wealth of practical examples of artefacts produced by the risk management process.

Every COBIT 5 enabler shares four generic dimensions: Stakeholders, Goals, Life Cycle and Good Practices. These dimensions give a general view of what the risk function should consider when fulfilling its responsibilities. More specific guidance is found in the seven enablers themselves:

  1. Principles, Policies and Frameworks
  2. Processes
  3. Organisational structures
  4. Culture, Ethics and Behaviour
  5. Information
  6. Services, Infrastructure and Applications
  7. People, Skills and Competencies.

The ITGN combines this knowledge into an approach to risk management that is both effective and efficient. As with all processes, the risk management function and its processes are designed to achieve specific outcomes that align with the business's goals and the organisation's strategic objectives. The ITGN approach combines the good practices of COSO and ISO 31000 with the COBIT 5 risk management knowledge pool to build risk management capability that can be assessed against ISO/IEC 15504, the process assessment standard on which the COBIT 5 process capability model is based.

Adding value is core to any risk management function. The ITGN assists organisations by:

  • clarifying the value proposition for managing risk,
  • identifying the required process activities that support the delivery of value, and
  • determining the key risk management responsibilities.