The Risk IT Practitioner Guide

Risk IT is a set of proven, real-world practices that helps enterprises achieve their goals, seize opportunities and seek greater return with less risk. It works at the intersection of business and IT and allows enterprises to manage and even capitalize on risk in the pursuit of their objectives. It extends COBIT, the globally recognized IT governance framework, and saves time, cost and effort by providing enterprises with a way to focus effectively on IT-related business risk areas, including risks related to late project delivery, compliance, misalignment, obsolete IT architecture and IT service delivery problems.

The Risk IT Practitioner Guide, a support document for the Risk IT framework, provides examples of possible techniques to address IT-related risk issues, and more detailed guidance on how to approach the concepts covered in the process model.

Concepts and techniques explored in more detail include:

• Building enterprise-specific scenarios, based on a set of generic IT risk scenarios
• Building a risk map, using techniques to describe the impact and frequency of scenarios
• Building impact criteria with business relevance
• Defining key risk indicators (KRIs)
• Using COBIT and Val IT to mitigate risk; the link between risk and COBIT control objectives and Val IT key management practices