From cyberattacks and malicious employee actions to hacks into corporate social media accounts, 2013 is turning out to be a watershed year for technology-related enterprise threats, reports ISACA (previously the Information Systems Audit and Control Association).
A guide issued by the global IT association says that organisations must integrate technology risk much more aggressively into enterprise risk management (ERM) if they want to reduce future loss and improve business performance. Mismanaging IT risk can reduce business value, create financial loss, damage corporate reputation and cause promising new opportunities to be overlooked.
According to a study by the Project Management Institute (PMI), every billion dollars that an enterprise spends represents US$135m in risk. In response, ISACA has launched ‘COBIT 5 for Risk’, developed by a global committee of risk professionals, which provides a detailed guide to governing and managing IT risk in the face of today’s unpredictable threats.
“The 2013 risk landscape is unprecedented, marked by deliberate employee actions like the Snowden leaks, denial-of-service [DoS] attacks against major banks, hacks into prominent Twitter and Facebook accounts, and cyberattacks against both businesses and government,” said Steven Babb, chair of the COBIT 5 for Risk task force. “It’s no longer enough to identify a risk and add it to a risk register. COBIT 5 for Risk provides key guidance on tying IT risk directly to strategic business outcomes.”
COBIT 5 for Risk, available at www.isaca.org/cobit5forrisk, is based on the globally recognised COBIT 5 framework for the governance and management of enterprise IT. The guide provides 20 risk scenario categories with potential responses. These scenarios include employee sabotage and theft, data breaches, disclosure of sensitive information through social media, industrial espionage, and support for innovation.
The publication, which replaces the former Risk IT framework, also includes guidance on how COBIT 5 supports risk management and governance and how to set up and maintain an effective and efficient risk function based on COBIT’s seven enablers:
- Principles, policies and frameworks.
- Organisational structures.
- Culture, ethics and behaviour.
- Services, infrastructure and applications.
- People, skills and competencies.
The guide is intended for:
- Risk professionals, to help them manage risk and incorporate IT risk into enterprise risk management (ERM).
- IT and business management, to help them understand how to identify and manage IT risk, and how to communicate IT risk to business decision makers.
- Boards and executive management, to help them understand the implications of IT risk on the enterprise’s strategic objectives—and how to optimise IT for successful strategy execution.
COBIT 5 for Risk can be purchased from www.isaca.org/cobit5forrisk. The COBIT 5 framework publication can be downloaded free of charge at www.isaca.org/cobit.