Bangalore
IT Governance & Risk Management
Julen C. Mohanty
Citicorp Services India Ltd
17th June 2011, The Oberoi, Bangalore
DISCLAIMERS
Any views or opinions showcased in this presentation are solely those of the author and may not necessarily represent those of Citigroup.
This document is meant for the use of ITNEXT or its affiliated members. It has to be used within ITNEXT or its affiliated members and is not to be forwarded to anyone outside ITNEXT or its affiliated members.
IT Risk Controls

What is Governance
Governance describes the overall management approach through which senior executives direct and control the entire organization, using a combination of management information and hierarchical management control structures.
IT Governance primarily deals with the connections between business focus and IT management. The goal of clear governance is to assure that investment in IT generates business value and that the risks associated with IT projects are mitigated.
What is Risk Management
Risk management is the identification, assessment, and prioritization of risks, followed by the coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events, or to maximize the realization of opportunities.
Risk = Threat * Vulnerability * Asset
Severity of Risk = Likelihood * Impact
Residual Risk = Risk - Control
Risk and value are two sides of the same coin.
Risk is inherent to all enterprises.
Enterprises need to ensure that opportunities for value creation are not missed by trying to eliminate all risk.
Classification of IT Risk
IT Benefit / Value Enablement Risk
IT Program / Project Delivery Risk
IT Operations / Service Delivery Risk
Technology Enabler for new business Initiative
How to Act on Risk
[Diagram: PLAN, DO, CHECK, ACT cycle]
PLAN (What, When, How)
DO (Identify & Analyze)
Monitor & Reporting (Watchful)
CHECK & ACT (Mitigate & Control)
Continuous & Interlocked Process. Definitely not separate events.
IT Risk Controls
Business Objectives
Align with ERM
Control
IT Risk Management
Balance Cost / Benefit of IT Risk
Accountability
Top Management Commitment
Communication
Function as part of Daily Activities