COBIT 5 for Risk

Effectively managing IT risk helps drive better business performance by linking information and technology risk to the achievement of strategic enterprise objectives.

Risk is generally defined as the combination of the probability of an event and its consequence. COBIT 5 for Risk defines IT risk as business risk, specifically, the business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise.

COBIT 5 for Risk provides:

• Stakeholders with a better understanding of the current state and risk impact throughout the enterprise
• Guidance on how to manage the risk to levels, including an extensive set of measures
• Guidance on how to set up the appropriate risk culture for the enterprise
• Quantitative risk assessments that enable stakeholders to consider the cost of mitigation and the required resources against the loss exposure
• Opportunities to integrate IT risk management with enterprise risk
• Improved communication and understanding amongst all internal and external stakeholders