Course overview

A recent white paper issued by the Australian chapters of global IT association ISACA highlights the potential for security breaches and major technology disasters at leading Australian organisations, with 60% of IT professionals stating they do not believe all IT-related risks are being effectively managed. Furthermore, 64% of IT professionals believe the risk culture at their organisation is either moderately effective or not effective at all.

There is a common misperception in the industry that IT risks only include security-related IT risks, despite there being a range of different scenarios and potential IT issues that should be considered. Organisations must relate IT risks to business goals and keep the business engaged to create support and executive involvement to address these challenges.

ISACA’s COBIT® 5 for Risk offers comprehensive guidance on management and governance of IT Risk.

This course provides introductory and practical coverage of all aspects of COBIT 5 for Risk, including its components, enablers and implementation guidance. Using a relevant scenario or case study, this course will highlight how COBIT 5 for Risk can be used in parts or holistically in a simple and pragmatic way.

Learning outcomes

  • Gain a detailed understanding of COBIT 5 for Risk professional guidelines
  • Familiarise yourself with, or refresh your knowledge of, the COBIT 5 framework and its components
  • Understand the differences between governance and management of IT Risk
  • Develop the knowledge and skills required to advise organisations on best practices in governance and management of IT risk
  • Acquire the necessary insights to support an organisation in implementing, managing and improving an IT Risk Management program
  • Understand components of COBIT 5 for Risk guidance that can help you integrate with your Enterprise Risk Management Framework, compliant with ISO 31000 Principles and Generic Guidelines on Risk Management.

Who should attend

  • IT Risk Practitioners
  • Chief Risk Officers (CROs)
  • Enterprise Risk Managers
  • IT Risk Managers
  • CISO or Information Security Managers
  • IT Audit and Assurance professionals
  • Other IT Risk Management professionals

Course contents

1. COBIT 5 for Risk Overview
  • Overview of COBIT 5 framework
    • Detailed overview of COBIT 5 for Risk, and its components
    • Governance vs. Management of IT Risk
    • IT Risk Management Principles
    • Applying COBIT 5’s seven enabler model to IT Risk Management
    • Risk Appetite, Risk Capacity and Risk Tolerance
    • Generic and detailed IT Risk Scenario
    • Processes: EDM 3 Governance of Risk and APO 12 Manage Risk
    • Risk and Controls Matrix
  • Why should you choose COBIT 5 for Risk
2. Implementing or (re)-aligning your IT Risk Management Program: the COBIT 5 for Risk way
  • Overview of ISO 31000:2009, Risk management – Principles and guidelines
  • IT Risk Management program challenges
  • Critical success factors of a successful IT Risk Management Program
  • Assessing your IT Risk Management needs
  • Enabling change using a life cycle approach
  • (Re)-aligning your IT Risk Management initiatives using COBIT 5 for Risk:
    • Risk Identification, Assessment and Evaluation
    • Risk Reporting
    • Risk Monitoring
    • Information Systems Controls Design and Implementation
    • Information Systems Monitoring and Maintenance

Course fees

  • Course: COBIT® 5 for Risk
  • Fees (A$ per person): $550 + GST

Prerequisites

A basic knowledge of ISACA’s COBIT 5 or COBIT 4.1 frameworks is recommended.