Services - Risk Assessment

Key Benefits

The firm will have a detailed understanding of the risks that need to be addressed in the IT environment.


The Risk Assessments have been generated in terms of the COBIT Framework, which is an international standard developed by ISACA.


Each Process is evaluated against a Management Maturity model specifically developed for COBIT. This facilitates uniformity.


The Risk Assessment may show where savings can be made due to duplication of effort.


Performing a Risk Assessment and addressing the risks exposed brings the Company into line with the King II report.

Capabilities

This Risk Assessment process has been developed in a series of levels so as to focus the detailed risk assessment on only those areas that require assessing.

Level 1 has been generated using the 34 COBIT processes. This questionnaire can be completed by the management of the company, as it only requires "Yes" or "No" answers, and it enables the audit to focus on Processes that are present within the environment, thus reducing the scope of the audit in terms of the COBIT Management Executive Summary.


Level 2 has been generated for the sections under each process. It is best that this is facilitated by InfoTechAudit cc; however, it could be completed together with management and your IT specialist. Again, this enables the audit to be focused on existing areas, refining the scope of the audit in terms of COBIT Management Control Objectives. Naturally, should you choose to perform these two sections in house, a management letter will be required to that effect so as to enable InfoTechAudit cc to refine its Risk Assessment plan accordingly.


The Level 3 questionnaire is totally different from the previous questionnaires, as it is designed to be facilitated by InfoTechAudit cc and has been structured so as to comply with the COBIT Management Maturity Model. This level assesses the generic risks that are present in each section of the processes and enables the client to obtain a general overview of risk in their IT environment in terms of the COBIT Management Control Objectives.


Level 4 devolves the generic risks down further so as to enable the client to evaluate the components of each generic risk in terms of the COBIT Audit Guidelines. This will assist the client in addressing any risks that there may be within the environment.


Level 5 devolves the Level 4 assessment, enhanced from ISO 17799 and ITIL at the client's request.


Risks are evaluated in terms of impact ($ value) and probability. These may be expressed in different ways. There are 4 different ways in which a risk may be addressed:

Ignore it. The risk is not material and consequently should it eventuate it will not cause serious problems.

Transfer it. This can be done by insurance or transferring the function "out of house".

Reduce it. Here steps are taken to address the risk areas and to reduce them to acceptable levels.

Manage it. This is an ongoing process that requires the continual review of the risk to ensure that it does not eventuate.

Risk Management is a complete discipline on its own and InfoTechAudit cc have the knowledge and experience to be able to analyze and advise how best to address the risks that are highlighted in the Risk Assessment. This they would do on a consultancy basis.

Two reports would be produced at the end of this process.

The first would be an Executive report so as to provide management with an overview of the status of their IT environment.

The second report would be a detailed report which may be handed to the IT specialist in order for him/her to address the individual risks that have been identified.