The Emergence Of Risk Based Approaches

Ch. 3.1 Emergence of Risk-Based Approaches

Risk assessment is increasingly conducted by many groups within an organization to fulfil a variety of business and regulatory requirements. Various groups within the same organization often rely on guidance from different professional organizations to provide a framework for conducting the risk assessment. As financial organizations offer disparate approaches to risk assessment, they contribute to risk information. In this context, information systems and/or information technology risk assessment plays an entirely exceptional role in each organization.

A risk emergence approach needs to take care of:

1. IT integrates all different functional areas within an organization and thus it has a…
Yet, at the same time, seeking to eliminate all the risks, we can jeopardize the profit driving opportunities. In practice, there is no single unified solution to the complex situation mentioned. Therefore, there are many different risk assessment frameworks aiming at different goals and different tools. The incompatibility of various risk assessment frameworks can be recognized in three different aspects (dimensions):

1. Depth of coverage of IT;
2. Completeness of risk management scope;
3. Level of balance between the risk-focused vs. control-focused approaches.

(Gordon, L. A., M. P. Loeb, 2001)

Depth of coverage of IT

Different risk management frameworks take into account the specifics of the IT area differently. COSO ERM, AS/NZS 4360, ISO 31000 and BASEL II are typical examples of not paying special attention to IT risk management. However, considering that Basel II is a very important standard for financial organizations, and at the same time these institutions introduce governance principles to their management systems, there is a need to integrate both the frameworks. In 2008, ISACA and ITGI introduced the document “Control Objectives for Basel II”. It provides a framework for managing the operational and information risk in the context of Basel II. It presents an outline of risk under Basel II, the links between the operational risk and the IT risk, and an approach for managing the information risk. On the other hand, focusing on