RACI Chart – Board of Directors

| Governance Practice | Board |
|---|---|
| EDM03.01 Evaluate risk management. | A |
| EDM03.02 Direct risk management. | A |
| EDM03.03 Monitor risk management. | A |

RACI Chart - Management

| Management Practice | Chief Executive Officer | Chief Information Security Officer | Chief Risk Officer | Chief Information Officer |
|---|---|---|---|---|
| APO12.01 Collect data. | I | R | R | A |
| APO12.02 Analyze risk. | I | C | R | A |
| APO12.03 Maintain a risk profile. | I | C | A | R |
| APO12.04 Articulate risk. | I | C | R | A |
| APO12.05 Define a risk management action portfolio. | I | C | A | R |
| APO12.06 Respond to risk. | I | R | R | A |

Board of Directors –

1. EDM03.01 Evaluate risk management.

Continually examine and make judgment on the effect of risk on the current and future use of IT in the enterprise. Consider whether the enterprise’s risk appetite is appropriate and that risk to enterprise value related to the use of IT is identified and managed.

ACTIVITY | DETAILED ACTIVITIES

1. Determine the level of IT-related risk that the enterprise is willing to take to meet its risk objectives.
2. Evaluate and approve proposed IT risk tolerance thresholds against the enterprise’s acceptable risk and opportunity levels.
3. Determine the extent of alignment of the IT risk strategy to enterprise risk strategy.