Cobit-3 - RACI Chart Board of Directors Governance Practice Board EDM03.01 Evaluate risk management. A EDM03.02 Direct risk

RACI Chart – Board of DirectorsGovernance PracticeBoardEDM03.01Evaluate risk management.AEDM03.02Direct risk management.AEDM03.03Monitor risk management.ARACI Chart - ManagementManagementPracticeChief ExecutiveOfficerChiefInformationSecurity OfficerChiefRiskOfficerChiefInformationOfficerAPO12.01Collect data.IRRAAPO12.02Analyze risk.ICRAAPO12.03Maintain a riskprofile.ICARAPO12.04Articulate risk.ICRAAPO12.05Define a riskmanagementaction portfolio.ICARAPO12.06Respondto risk.IRRABoard of Directors –1. EDM03.01 Evaluate risk management.Continually examine and make judgment on the effect of risk on the current and future use of IT in theenterprise. Consider whether the enterprise’s risk appetite is appropriate and that risk to enterprisevalue related to the use of IT is identified and managed.ACTIVITYDETAILED ACTIVITIES1.Determine the level of IT-related risk thatthe enterprise is willing to take to meet its riskobjectives.2.Evaluate and approve proposed IT risktolerance thresholds against the enterprise’sacceptable risk and opportunity levels.

Get answer to your question and much more

3.Determine the extent of alignment of the ITrisk strategy to enterprise risk strategy.

Get answer to your question and much more

We have textbook solutions for you!

/Systems-Analysis-and-Design-12th-Edition-9780357117811-617/

The document you are viewing contains questions related to this textbook.

Chapter 3 / Exercise 5

Systems Analysis and Design

Tilley

Expert Verified

View Solutions

Browse all Textbook Solutions

enterprise decisions are made.5.Determine that IT use is subject toappropriate risk assessment and evaluation,as described in relevant international andnational standards.6.Evaluate risk management activities toensure alignment with the enterprise’scapacity for IT-related loss and leadership’stolerance of it.enterprise’s capacity for loss and the tolerancelimits.2.EDM03.02 Direct risk management.Direct the establishment of risk management practices toprovide reasonable assurance that IT risk management practices are appropriate to ensure that theactual IT risk does not exceed the board’s risk appetite.ACTIVITYDETAILED ACTIVITIES1.Promote an IT risk-aware culture andempower the enterprise to proactively identifyIT risk, opportunity and potential businessimpacts.2.Direct the integration of the IT risk strategyand operations with the enterprise strategicrisk decisions and operations.3.Direct thedevelopmentofriskcommunication plans (covering all levels of theenterprise) as well as risk action plans.

Upload your study docs or become a

Course Hero member to access this document

Upload your study docs or become a

Course Hero member to access this document

End of preview. Want to read all 9 pages?

Upload your study docs or become a

Course Hero member to access this document

Term

Fall

Professor

SreenivasKumar

Cobit-3 - RACI Chart Board of Directors Governance Practice...

We have textbook solutions for you!

Share this link with a friend:

We have textbook solutions for you!

Other Related Materials