Risk Management using COBIT

In addition to the two COBIT 5 processes that deal specifically with risk, EDM03 Ensure Risk Optimisation and APO12 Manage Risk, there is an additional guide, COBIT 5 for Risk, which deals with two perspectives: the risk function and the risk management process.

The risk function perspective describes how the COBIT 5 enablers can be used to implement effective and efficient risk governance and management. The COBIT 5 for Risk guide contains a wealth of practical examples of artefacts from the risk management process. 

The COBIT 5 generic enablers are Stakeholders, Goals, Life-cycle and Good Practices. They provide a general perspective of what the risk function should consider when fulfilling its responsibilities. More specific guidance can be found in the enablers themselves:

  1. Principles, Policies and Frameworks
  2. Processes
  3. Organisational structures
  4. Culture, Ethics and Behaviour
  5. Information
  6. Services, Infrastructure and Applications
  7. People, Skills and Competencies.

The ITGN combines this knowledge into an approach to risk management which is both effective and efficient. As with all processes, the risk management function and its processes are designed to achieve specific outcomes that align with the business's goals and the organisation's strategic objectives. The ITGN approach combines the best practices of COSO and ISO 31000 with the COBIT 5 risk management knowledge pool to build capability in managing risk in accordance with the ISO 15504 standard for capability improvement.

Core to any risk management function is adding value. The ITGN assists organisations by:

  • clarifying the value proposition for managing risk,
  • identifying the required process activities that support the delivery of value, and
  • determining the key risk management responsibilities.  
