Module 03_Governance of Enterprise IT

2_GRC Framework - (B)

Risk Management

Key mgt. practices of RM

Collect data

Analyse risk

Maintain a risk profile

Articulate risk

Define risk mgt. action portfolio

Risk categories

Business risks

Market risks

Financial risks

Operational risks

Strategic risks

IT risks

Compliance risks

Risk mgt. Strategies

Accept

Eliminate

Transfer/share

Treat/mitigate

Ignore

Risk Mgt. Process

Risk identification

Risk evaluation

Risk prioritisation

Risk response

Risk mitigation

Risk monitoring

4_Key Enablers of GEIT

7 Enablers of COBIT5

Principles, policies & framework

Processes

Operational structures

Culture, ethics & behaviour

Information

Services, infrastructure & applications

People, skills & competence

5_Performance Management System

Goal setting

Balanced Scorecard (BSC)

1_Concepts

A

Enterprise Governance

Corporate Governance

Governance

Conformance / Corporate

Performance / Business

GEIT Objectives

Benefit realisation

Risk Optimization

Resource Optimisation

2_GRC Framework - (A)

COSO

Categories of Objectives of COSO

Operations objective

Reporting objective

Compliance objective

Components of COSO

Control environment

Risk assessment

Control activity

Information & communication

Monitoring activities

COBIT 5

5 Principles of COBIT 5

Meeting stakeholder needs

End to end coverage of Enterprise

Applying a single integrated framework

Enabling a holistic approach

Separating Governance from management

3_GEIT & GRC

GRC as per Clause 49

Risk management

CEO/CFO Certification

Internal Control

Audit certification

IT BSC

User orientation perspective

Operational excellence perspective

Future orientation perspective

Business contribution perspective

CIMA Strategic Scorecard

Strategic position

Strategic options

Strategic implementation

Strategic risk

6_Implementing Governance & management practices

Systematic approach for implementing GEIT

Implementing GEIT in specific areas

Stakeholders in implementing GEIT