The non-profit, independent IT Governance Institute is seeking public comment on its new IT risk framework, which is based on the globally recognized COBIT IT governance tool set. Comments on ‘Enterprise Risk: Identify, Govern and Manage IT Risk: The Risk IT Framework’ (Risk IT) will be accepted through 13 March 2009 at www.itgi.org/riskit

While COBIT (Control Objectives for Information and related Technology) sets good practices for the means of risk management, Risk IT sets good practices for the ends, by providing a framework for enterprises to identify, govern and manage risk.

The Risk IT framework explains IT risk and will enable users to:

* Integrate the management of IT risk into the overall enterprise risk management of the organization;
* Make well-informed decisions about the extent of the risk, the risk appetite and the risk tolerance of the enterprise;
* Understand how to respond to risk.

Risk IT is designed for:
* Top executives and boards of directors who need to set direction and monitor risk at the enterprise level;
* Managers of IT and business departments who need to define risk management processes;
* Risk management professionals who need specific IT risk guidance;
* External stakeholders.

The framework has nine business processes divided into three domains: Risk Governance, Risk Evaluation and Risk Response. It also offers management guidelines, RACI (Responsible, Accountable, Consulted and Informed) charts, maturity models and goals and metrics.

As the Risk IT initiative evolves, it will include practitioner guidance, case studies and supporting materials.

•Date:12th February 2009• Region: World •Type: Article •Topic: IT continuity
Rate this article or make a comment - click here