
Enterprise Information Technology Risk Assessment Form


The form is derived from the ISACA toolkit on IT Risk Management.

Published in: Technology

Enterprise IT Risk Assessment Form

Part I—Description

  • Entity/Business Unit/Department/Division Name
  • Entity strategic role and objectives
  • Assessment date
  • Assessor(s) name
  • Assessor(s) job title
  • Assessor(s) Entity/Business Unit/Department/Division
  • Assessor(s) email, phone # and location
  • Version
  • Major business processes
  • IT infrastructure and applications supporting major business process
  • Important dependencies

Overall high-level IT risk rating (based on results of the assessment of all risk factors below)

  • Low: Entity is marginally dependent on IT and/or IT risk is well controlled
  • Medium: Entity is dependent on IT and/or some IT risks are not well controlled
  • High: Entity is very dependent on IT and/or significant IT risk management deficiencies exist

Part II—Risk Factor Assessment

Risk Factor (Reference) | Assessment Rating | Comment

External Environment

  • Market
  • Rate of change
  • Industry/competition
  • Geographical situation
  • Political condition
  • Regulatory environment
  • Technology status and evolution
  • Vendor Management

Internal Environment

  • Strategic importance of IT for the entity
  • Operational importance of IT for the entity
  • Complexity of IT (human resource, software, systems)
  • Complexity of organisation
  • Degree of change
  • Change management capability
  • Risk management philosophy and values
  • Risk appetite of the entity
  • Operating model

Risk Management Capability (Risk IT)

  • Risk Governance (RG)
  • Risk Evaluation (RE)
  • Risk Response (RR)

IT Management Capability (COBIT 5)

  • Plan and Organise (PO)
  • Acquire and Implement (AI)
  • Deliver and Support (DS)
  • Monitor and Evaluate (ME)

Value Management Capacity (ValIT)

  • Value Governance (VG)
  • Programme Management (PM)
  • Investment Management (IM)

Part III—Conclusion

  • Top Five Risk Factors
  • Top Five IT Risk Scenarios

Part IV—Assessment Approval

I am satisfied that the risks are not significant and/or adequately controlled and that the resources required will be provided

  • Approval Name:
  • Signature:
  • Approval Job Title:
  • Approval Entity:
  • Approval Date:
