General Risk Management Flashcards
What is Risk?
The combination of the probability of an event and its consequence
What is Governance?
The accountability for protection of the assets of an organisation and the system by which organisations are evaluated, directed and controlled.
What is value creation comprised of?
Benefits realisation, risk optimisation and resource optimisation
What are the 4 common risk governance objectives?
- Establish and maintain a common risk view
- Integrate risk management into the enterprise
- Make risk-aware business decisions
- Ensure risk management controls are implemented and operating correctly
What is Risk Management?
Coordinated activities to direct and control an organisation with regard to risk
What does risk management start with?
The organisation and the environment or context in which it operates
What are the 3 main things to consider when assessing an organisation's context in relation to risk?
- Evaluating the intent and capability of threats
- The relative value of assets or resources
- The presence and extent of vulnerabilities
What are the 3 main IT related risk areas?
- IT Benefit / Value Enablement Risk
- IT Programme and Project Delivery Risk
- IT Operations and Service Delivery Risk
What are the 3 levels of an organisation where risk must be evaluated?
- Strategic level
- Business unit level
- Information systems level
What are the 4 stages of the risk management lifecycle?
- IT Risk Identification
- IT Risk Assessment
- Risk Response and Mitigation
- Risk and Control Monitoring and Reporting
When calculating IT risk, should the risk practitioner calculate the risk solely based on the impact to IT?
No, the risk practitioner must consider whether the impact affects the wider business supported by the IT system rather than just IT alone