Let's talk about the design factors of risk profile and I T related issues,
so we're going to cover risk profile and it related issues as design factors.
Another design factor in the co bit framework is the risk profile of the organization.
The risk profile addresses the current issues and risks as it relates toe I t. Resource Is and the I T architectures.
The risk profile will identify i t related risks to which the organization is subjected. Thio
thes risks should align with the organization's risk appetite,
and it should not exceed that.
If an organization in a highly regulated industry has a lower risk appetite,
meaning it's not willing to take on, ah, high risk that could result in severe penalties and even jail time.
The risks that the enterprise currently face should not exceed its risk appetite.
Thus, those risks need to be identified and mitigated.
This is an important part of the design factor. When creating a governance system to manage i t resource is
risks and in organizations, risk appetite will play a huge part in the design.
Examples of risks include hardware and software failures.
This affects the availability and sometimes the integrity of vital information that the company and I T resource is rely upon.
Thus, this is a risk that some organizations may not be willing to take on.
If your company works with real time data and any failures in service,
that could cause a loss of customers and revenue. And this is a big risk.
Non compliance is another example of a risk that should be identified
as we mentioned earlier. Non compliance may be a huge risk that can exceed the organization's risk appetite.
Thus the risk needs to be identified and included in the risk profile and design of the overarching government system.
Acts of nature such as hurricanes, earthquakes they can affect your I T re sources and information.
This risk may need to be addressed in the form of disaster recovery plans and business continuity plans.
Unauthorized incidents in which information is breached or altered could be another example of a risk.
Identify whether this risk exceeds your risk appetite and identify whether or not this is a risk to your organization is subjected thio.
These examples should get you thinking about the risks that organizations can face and how a risk profile is unnecessary design factor within your system.
Have any of thes aforementioned risks affected your business?
I t related issues air somewhat related to the risk profile,
but a design factor in and of itself
i t risk assessments are a way to determine what risks your I T infrastructure faces.
Consider which I t related risk are currently being experienced by your organization.
This design factor gives you a way to determine which I t related. Risk issues have materialized within your enterprise.
Examples of I T related risks can be service delivery problems from your I T vendor.
Is it causing the loss of time and resource is within your company?
Is this a risk that is experienced often and causing I T related issues
include this in your design for a governance program.
Another example could be the failure of i t to meet regulatory or contractual requirements.
Non compliance with laws and regulations and SLS can create not only financial loss but other penalties like jail time or cause detriment to your businesses reputation.
This is an I T specific related risk
audit findings that detect poor I t. Performance is another common issue that organizations face
poor I t performance is definitely an I T related issue and should be addressed in a nightie governance system.
The excessively high cost of I t. Is another example of a nightie related risk that I t re sources are not aligning and supporting the overall business goals and strategies.
Have any of these it related risks affected your organization.
So in this video, we talked about risk profile and I t related issues as design factors.