b) availability of an IT risk register
c) history of managing risks
d) type of business operations
e) current IT environment
f) planned IT environment
g) inherent IT risks
h) IT strategy
i) IT operations
Figure 5.1 Risk Factors
The risk appetite of the enterprise must be well understood and explained by both the board
and management. Risk appetite might be a guide on how IT risk is being treated in the
enterprise.
IT risks may include:
a) loss of data through accidental damage to computing equipment
b) loss of data through theft of storage devices
c) loss of data due to malfunctioning equipment
d) hackers having unauthorised access to IT systems in the enterprise
e) internal users deleting data with malicious intentions
f) failure of IT equipment
g) network failure
h) unavailability of critical IT staff
Figure 5.2 IT Risks
The IS auditor, having understood the risk profile of the enterprise, is in a position to conduct
an effective audit of IT governance in relation to how IT risk is being managed in the
enterprise. Due to the nature of technology, it is expected that new technologies will be
introduced into the enterprise quite often, and this implies that the risk exposure will change
more regularly. This also means that the board and management should always be on the
lookout for new risks due to the ever-changing technology.
Information Security
Information security is the securing of IT resources in the enterprise and protection of data
and information. It is the responsibility of the board and senior management to ensure that
information security governance is properly implemented in the enterprise using best prac-