Cobit-3 - RACI Chart Board of Directors Governance Practice...


RACI Chart – Board of Directors

| Governance Practice | Board |
| --- | --- |
| EDM03.01 Evaluate risk management. | A |
| EDM03.02 Direct risk management. | A |
| EDM03.03 Monitor risk management. | A |

RACI Chart - Management

| Management Practice | Chief Executive Officer | Chief Information Security Officer | Chief Risk Officer | Chief Information Officer |
| --- | --- | --- | --- | --- |
| APO12.01 Collect data. | I | R | R | A |
| APO12.02 Analyze risk. | I | C | R | A |
| APO12.03 Maintain a risk profile. | I | C | A | R |
| APO12.04 Articulate risk. | I | C | R | A |
| APO12.05 Define a risk management action portfolio. | I | C | A | R |
| APO12.06 Respond to risk. | I | R | R | A |

Board of Directors –

1. EDM03.01 Evaluate risk management. Continually examine and make judgment on the effect of risk on the current and future use of IT in the enterprise. Consider whether the enterprise’s risk appetite is appropriate and that risk to enterprise value related to the use of IT is identified and managed.

ACTIVITY | DETAILED ACTIVITIES
  1. Determine the level of IT-related risk that the enterprise is willing to take to meet its risk objectives.
  2. Evaluate and approve proposed IT risk tolerance thresholds against the enterprise’s acceptable risk and opportunity levels.
  3. Determine the extent of alignment of the IT risk strategy to enterprise risk strategy.
enterprise decisions are made.
  5. Determine that IT use is subject to appropriate risk assessment and evaluation, as described in relevant international and national standards.
  6. Evaluate risk management activities to ensure alignment with the enterprise’s capacity for IT-related loss and leadership’s tolerance of it.
enterprise’s capacity for loss and the tolerance limits.

2. EDM03.02 Direct risk management. Direct the establishment of risk management practices to provide reasonable assurance that IT risk management practices are appropriate to ensure that the actual IT risk does not exceed the board’s risk appetite.

ACTIVITY | DETAILED ACTIVITIES
  1. Promote an IT risk-aware culture and empower the enterprise to proactively identify IT risk, opportunity and potential business impacts.
  2. Direct the integration of the IT risk strategy and operations with the enterprise strategic risk decisions and operations.
  3. Direct the development of risk communication plans (covering all levels of the enterprise) as well as risk action plans.


Term: Fall
Professor: SreenivasKumar