3 hours 43 minutes
Now let's see how the objectives and components of a government system all mapped together.
In this video, we're going to talk about a governance objective. Example
BDM three with respect to process, organizational structures, information and people skills and competencies, and how each of these components contributes the fulfillment of a governance objective.
Let's take an example objective from the ADM domain.
We'll talk about the third objective, which is insured risk optimization.
The description of this objective is to ensure the risk, appetite and tolerance of the organization is communicated and understood within the enterprise.
It also focuses on ensuring that I t risk is managed within the organization.
The purpose of this objective is to ultimately ensure that I t risk does not exceed the risk appetite of the enterprise.
That includes identifying and managing I t related risks and minimizing compliance failures.
The enterprise goals that air supported by this governance objective is to manage business of risk and to allow for business service continuity and availability of I T systems and resource is
this alliance with the alignment goals of managing it related risks
and ensuring security of information processing infrastructure and applications and the overall privacy.
Let's take a look at the first enabler or component of this objective, which is process.
There are multiple processes within the E. D. M. Three objective.
We'll take a look at the first process for this governance objective. ADM 3.1.
There are three different process components that relate to the overall objective of e. D. M. Three.
The three processes include evaluating risk management,
directing risk management and monitoring risk management.
This components governance practice is to evaluate risk management.
This is to continually examine and evaluate the effective risk on the current and future use of the I T infrastructure.
It also urges members of the organization to consider whether the enterprises risk appetite is appropriate and ultimately it make sure that I t risk is identified and managed.
The example. Metrics for this component can be the level of unexpected enterprise impacts,
the percent of I t risk that exceeds the risk tolerance or the refreshment rate of risk factor evaluation.
The activities for this component include the understanding of organization and its context related toe. I t risk
determining the risk, appetite and determining the risk tolerance.
It's important to note the current capability level of the enterprise risk management and related activities
at what level is the organisation's e. R M. Already functioning?
Define the capability level and included in the governance program documentation.
The related guidance to this process is CO so Enterprise Risk Management published in June 2017.
The detailed reference to find out more information that relates to this component is listed here.
Let's talk about how organizational structures is a component of this government's objective.
For the organizational structure. You will relay the key governance practice, which we discussed earlier in this process component.
The three process components are evaluating risk management,
directing risk management and monitoring risk management.
We will then relate that back to the organizational role and assign who is accountable and who was responsible.
List out the organizational structures that will be included in this objective and key governance practices off evaluating, directing and monitoring risk management for overall insured risk optimization.
In this example, the board is accountable for these governance practices, and the chief risk officer is the one responsible.
You'll also want to lay out related guidance and detailed reference of where you confined what specifically relates to the accountability and responsibility of key governance practices
in the information, flows and items component of this governance objective. We're referring back to the three governance practice processes which are to evaluate,
direct and monitor risk management.
Correspondent Leigh will have inputs and outputs of information and information flows.
The inputs for evaluating risk management or ADM 3.1 will be the risk issues and factors,
and then it's corresponding. Output will be a risk appetite guidance
in regards to directing risk management.
The the input will be an aggregated risk profile, including the status of risk, and the output will be an improved process for measuring risk management
in relation to monitoring risk management. The input will be the risk analysis
and the output will be remedial actions to address risk management deviations to minimize risk.
In this component will also talk about a related guidance and detailed reference of where to find specific information that helps with each governance practice and the overall governance objective.
Do you see how the governance practices defined in the process component affects the inputs and outputs that contribute to the overall objective of insured risk optimization?
Let's keep going with the next component of people, skills and competencies.
In this component of the governance objective of insured risk, optimization will address the skills needed to fulfill the objective.
The skills would be business risk management and risk management skills.
There is related guidance listed here, and a detailed reference should be included of where to find those specific skills and competencies that relate to the supporting of the objective of risk optimization.
So in this video we talked about an overview of the government's objective e. D. M. Three and how
the process organizational structures, information on people, skills and competencies allow for idiom three to be implemented.