Week 2 - Information Risk Management - GRC COBIT


Information Risk Management: GRC & COBIT
By Kavinga Yapa Abeywardena
Sri Lanka Institute of Information Technology (SLIIT)
Governance, Risk Management, Compliance (GRC)
• An ‘umbrella term’ that covers these three areas of enterprise activities (not just IT).
• Constantly reviewed and analysed to enhance the organisation's performance and the efficient delivery of stakeholder needs.
• GRC activities are typically based on principles, policies, models, frameworks, organisational structures, etc.
Governance, Risk Management, Compliance (GRC)
• Governance: Exercise of authority; control; government; arrangement.
• Risk (management): Hazard; danger; peril; exposure to loss, injury, or destruction (The act or art of managing; the manner of treating, directing, carrying on, or using, for a purpose; conduct; administration; guidance; control).
• Compliance: The act of complying; a yielding; as to a desire, demand, or proposal; concession; submission.
Webster’s Online Dictionary
Governance, Risk Management, Compliance (GRC)
Simpler Definitions
• Governance: Effective management of a company by executives & senior management.
• Risk (management): Ability to effectively mitigate risks that would deter the company's success.
• Compliance: Abiding by rules, regulations, laws and industrial ethics & standards.
Governance, Risk Management, Compliance (GRC)
• Different types of GRC:
• Corporate GRC
• Project GRC
• Information Technology GRC
• Environmental GRC
• Economic and financial GRC
IT GRC
• IT Governance: Establishes decision structures and tracking mechanisms.
• IT Risk Management: Helps mitigate adverse effects and identifies opportunities.
• IT Compliance: Ensures that an organization is not only adhering to laws and regulations, but is also taking into account corporate responsibilities and industry standards.
What’s New in IT GRC?
• IT GRC initiatives have traditionally been scattered across organizations without any coordination or synchronization.
• A unified approach is needed for better results and efficiency; ‘holistic approach’ is the buzzword used in the industry.
• There is high demand for products that help organizations break down scattered initiatives and create a centralized approach to managing RISK and COMPLIANCE while simultaneously ensuring good GOVERNANCE.
COBIT for IT GRC
• COBIT is a framework that guides IT professionals and enterprise leaders to fulfill their IT governance responsibilities while delivering value to the business.
• Developed and maintained by ISACA (Information Systems Audit and Control Association); COBIT 5 is the latest version.
COBIT Case Study
• Exercise:
• Go to the following website and pick a COBIT 5 case study. Try to identify GRC components within the case study.
• http://www.isaca.org/COBIT/Pages/Recognition.aspx
• Note: Case studies may refer to only one or more GRC components.
QUESTIONS?