Wednesday, March 18, 2015

Blog 2 - Risk

Because risk is a huge part of IT governance, COBIT 5 for Risk should be a common reference for business owners. It focuses specifically on providing guidance for risk professionals and supplies a comprehensive set of risk scenarios (ISACA, 2013).

To see how businesses manage risk in a real-world context, consider an example of an organizational structure that minimizes risk.

Where I work, the associate working on the floor will count the till first, and then the supervisor/manager must count it a second time to make sure everything adds up correctly with the figure shown on the system. This is one example of implementing an organizational structure outlining separation of duties (Harmer, 2014), which is a key enabler used in order to mitigate risk.


Using enablers allows a holistic approach. This is needed in order to meet stakeholder requirements and to integrate operations and security (Van Akkeren, 2015).

Below are 5 precautions that I think organizations should take in order to avoid risk:

1. Ensure there is a positive workplace culture, by creating a tone at the top which promotes ethical and reliable practices within.

2. Outline and explain comprehensive fraud-related policies to all workers.

3. Maintain adequate internal controls (e.g. separation of duties) which are monitored and revised consistently.

4. Conduct an internal audit.

5. Conduct background checks on new employees.

References

ISACA. (2013). COBIT 5 Framework. Retrieved from http://www.isaca.org/COBIT/Pages/COBIT-5-Framework-product-page.aspx

Harmer, G. (2014). Governance of Enterprise IT based on COBIT 5: A Management Guide. Retrieved from http://www.eblib.com

Van Akkeren, J. (2015). AYB115 Governance, Fraud & Investigation. Week 3: [Slides]. Retrieved from https://blackboard.qut.edu.au/webapps/blackboard/content/listContent.jsp?course_id=_116816_1&content_id=_5376704_1&mode=reset


