IT Governance Institute Seeks Public Comments on New Risk IT Framework

09The nonprofit, independent IT Governance Institute is seeking public comment on its new IT risk framework, which is based on the globally recognized COBIT IT governance tool set. Comments on Enterprise Risk: Identify, Govern and Manage IT Risk: The Risk IT Framework (Risk IT) will be accepted through 13 March 2009 at www.itgi.org.

While COBIT (Control Objectives for Information and related Technology) sets good practices for the means of risk management, Risk IT sets good practices for the ends, by providing a framework for enterprises to identify, govern and manage risk.

Risk IT is designed for
Top executives and boards of directors who need to set direction and monitor risk at the enterprise level
Managers of IT and business departments who need to define risk management processes
Risk management professionals who need specific IT risk guidance
External stakeholders

The framework has nine business processes divided into three domains: Risk Governance, Risk Evaluation and Risk Response. It also offers management guidelines, RACI (Responsible, Accountable, Consulted and Informed) charts, maturity models and goals and metrics.

As the Risk IT initiative evolves, it will include practitioner guidance, case studies and supporting materials. Additional information is available at www.itgi.org/riskit.

The IT Governance Institute (ITGI) (www.itgi.org) is a nonprofit, independent research entity that provides guidance for the global business community on issues related to the governance of IT assets. ITGI was established by the nonprofit membership association ISACA in 1998 to help executives and IT professionals ensure that IT delivers value and its risks are mitigated through alignment with enterprise objectives, IT resources are properly managed, and IT performance is measured. ITGI developed COBIT and Val IT, and offers original research and case studies to help enterprise leaders and boards of directors fulfill their IT governance responsibilities and help IT professionals deliver value-adding services.