Manage Risk - Morland-Austin

IT GRC Knowledge Base » IT Governance Management » IT Governance – COBIT 5 » Management – Plan (Align, Plan & Organise) » Manage Risk

This article provides an overview and summary of the COBIT 5 process Manage Risk, which is part of the Management – Plan (Align, Plan and Organise) domain.

The purpose of this COBIT 5 process is to continually identify, assess and reduce IT risks within the levels of tolerance set by organisation and IT executive management. The goal is to integrate the management of IT risks with overall organisation ERM programme.

The following sub-governance processes are further supported by a list of control activities:

Collect data. Identify and collect relevant data to IT risk assessments and reporting.
Analyse risks. Develop useful information to support risk decisions.
Maintain a risk profile. Maintain an inventory of known risk and risk attributes.
Articulate risks. Provide information on the current state of IT exposures and opportunities.
Define a risk management action portfolio. Manage opportunities to reduce risk to an acceptable level.
Respond to risks. Respond in a timely manner with effective measures.

For more information please contact Morland-Austin at info@morland-austin.com.

Find your way around our IT GRC Framework Educate & Explore

Where next?

Increase your knowledge
Links & relationships within the framework

Find out how Manage Risk link(s) and relate(s) to:

Speak to one of our experts

Our IT GRC experts can help you with guidance and consultancy on ‘IT Governance – COBIT 5’