Design Factors: Risk Profile and IT Related Issues

00:00

Let's talk about the design factors of risk profile and I T related issues,

00:07

so we're going to cover risk profile and it related issues as design factors.

00:13

Another design factor in the co bit framework is the risk profile of the organization.

00:19

The risk profile addresses the current issues and risks as it relates toe I t. Resource Is and the I T architectures.

00:26

The risk profile will identify i t related risks to which the organization is subjected. Thio

00:33

thes risks should align with the organization's risk appetite,

00:37

and it should not exceed that.

00:39

If an organization in a highly regulated industry has a lower risk appetite,

00:44

meaning it's not willing to take on, ah, high risk that could result in severe penalties and even jail time.

00:51

The risks that the enterprise currently face should not exceed its risk appetite.

00:56

Thus, those risks need to be identified and mitigated.

01:00

This is an important part of the design factor. When creating a governance system to manage i t resource is

01:07

risks and in organizations, risk appetite will play a huge part in the design.

01:14

Examples of risks include hardware and software failures.

01:18

This affects the availability and sometimes the integrity of vital information that the company and I T resource is rely upon.

01:26

Thus, this is a risk that some organizations may not be willing to take on.

01:30

If your company works with real time data and any failures in service,

01:34

that could cause a loss of customers and revenue. And this is a big risk.

01:40

Non compliance is another example of a risk that should be identified

01:45

as we mentioned earlier. Non compliance may be a huge risk that can exceed the organization's risk appetite.

01:51

Thus the risk needs to be identified and included in the risk profile and design of the overarching government system.

02:00

Acts of nature such as hurricanes, earthquakes they can affect your I T re sources and information.

02:07

This risk may need to be addressed in the form of disaster recovery plans and business continuity plans.

02:15

Unauthorized incidents in which information is breached or altered could be another example of a risk.

02:22

Identify whether this risk exceeds your risk appetite and identify whether or not this is a risk to your organization is subjected thio.

02:30

These examples should get you thinking about the risks that organizations can face and how a risk profile is unnecessary design factor within your system.

02:39

Have any of thes aforementioned risks affected your business?

02:50

I t related issues air somewhat related to the risk profile,

02:53

but a design factor in and of itself

02:57

i t risk assessments are a way to determine what risks your I T infrastructure faces.

03:02

Consider which I t related risk are currently being experienced by your organization.

03:08

This design factor gives you a way to determine which I t related. Risk issues have materialized within your enterprise.

03:17

Examples of I T related risks can be service delivery problems from your I T vendor.

03:23

Is it causing the loss of time and resource is within your company?

03:27

Is this a risk that is experienced often and causing I T related issues

03:31

include this in your design for a governance program.

03:36

Another example could be the failure of i t to meet regulatory or contractual requirements.

03:42

Non compliance with laws and regulations and SLS can create not only financial loss but other penalties like jail time or cause detriment to your businesses reputation.

03:53

This is an I T specific related risk

03:58

audit findings that detect poor I t. Performance is another common issue that organizations face

04:03

poor I t performance is definitely an I T related issue and should be addressed in a nightie governance system.

04:11

The excessively high cost of I t. Is another example of a nightie related risk that I t re sources are not aligning and supporting the overall business goals and strategies.

04:21

Have any of these it related risks affected your organization.