IT and other enterprise risks

Having established the need for IT governance, the benefits of proactive management
of the IT risk portfolio and having explored each of the seven classes of IT
risk, we now turn to examine other enterprise risks and the relationship with IT.
You can’t put a fence around IT risk and separate it from the remainder of
your organization’s activity. IT is intimately associated with a range of business
activities that are sources of risk and, as such, has a key part to play in the
control environment. IT risk managers must team with those managing enterprise
risks from other perspectives – in their line roles or as functional specialists
– to ensure IT risks are given the right priority and that opportunities for IT
systems and services to assist in managing risks of different types are leveraged.
Furthermore, at a general level, IT can facilitate the wiring-up, locking-down
and constant surveillance of your business, and specifically in the domain of risk
management information systems, IT will be relied on for advanced risk analytics
and reporting.
Finally we examine IT risk management reliance on a range of other organization
capabilities for effective preparation, defence and response: from the strategy-setting
role of the business leaders to the physical security role of the building
and facilities staff – down to and literally including the janitor!
Divergent perspectives are healthy and ensure completeness in the coverage
of enterprise risks, as part of the risk management process is to have more than
one layer of control. Guidelines are provided in this chapter to help you manage
the linkages and dependencies between IT risk and other risk management
activities across your enterprise.

Relating the IT risk portfolio to other types of enterprise risk
It is too easy to refer to IT and ‘the business’ as if somehow IT isn’t a part of the
business. Our exclusive focus on the IT risk portfolio needs to be balanced with
a consideration of other enterprise risks.


Rating IT risk alongside other risks
Do IT risks rate as one of the top risks in your company?
Let’s establish a framework within which to answer the question:
• For consistency of language, we say that (risk) causes lead to (risk) events that
then have (risk) consequences;
• Failure within the IT risk portfolio is one of many causes of risk events within
the enterprise – one of the many areas in which things can go wrong that can
lead to a negative consequence for the business;
• Other risk causes may be totally unrelated to IT risk, or closely related to
IT risk – this is known as inter-risk correlation; and
• The consequence for the business will not always be quantified. When
measured reliably, it will be available only for past actual loss events and will
typically be focused on the normal range of losses or ‘expected loss’.91
Within this framework we can create an illustrative ratings table of enterprise
risks, illustrating the top risk causes and the major risk impacts or consequences,
experienced within a given period (see Figure 11.1). The focus here is on
the major ‘hits’ taken by the enterprise and the contributing causes.92 The lines
joining the causes and the consequences indicate the major relationships evident
in the risk events experienced within the period. For example, failures in
corporate governance led to reputational and financial loss. The number of stars
indicates the qualitative or quantitative assessment of the consequence. Note
the big ‘hit’ to reputational loss also resulted from personnel and product quality
failures that were contributing factors in the risk events.
In this illustrative example, IT ranks fourth behind failures in corporate
governance, audit and personnel as a major cause of negative enterprise risk
consequences, for the specific illustrative set of events.
Quantified loss and qualitative loss data should be normalized against the
expected losses (normal range) in each category. While ‘plain sailing’ is desirable,
it is not anticipated in any category of loss. Figure 11.2 illustrates this concept.
Outcomes range from better than expected (one star), expected (two stars) through
to catastrophic (five stars).
Comparability of losses in different categories may be attempted, but will
remain open to the charge of subjectivity and may be considered insensitive
(e.g. three deaths in our refineries is considered equivalent to how much in
fraud-related loss?).
Where quantitative data is available – say, quantified total loss distribution
represented as an aggregate annual loss – it may be translated as shown in
Figure 11.3. This approach to rating IT risks alongside other enterprise risks
reflects the reality that in most organizations priority funding will go towards patching
today’s gaping holes.
If IT doesn’t rate as one of the top priorities then it won’t get the priority
funding.
To the extent that the top risk causes don’t mop up all available funds and
attention, management discretion will dictate how the remainder will be shared
out amongst those areas most likely to negatively impact the business in the
future and look with favour upon those offering cost-effective risk management
options.
If you are operating in such an environment, IT risk spend needs to be
justified and cannot be taken as a given. The pragmatic questions to ask cover a
range of assessment tools:
• Actual loss experience: What are the major ‘hits’ you are taking? How did
the ‘things go wrong’ and which risk portfolios do the things going wrong
lie in?
• Control assessments: How effective are the existing controls and how can they
be improved? Where are the most sensible, actionable and preventive risk
treatment strategies directed?
• Key risk indicators: Do you have a set of indicators across all the risk areas
that are effective in identifying deviations from the expected norms?
• Scenario analysis: For a broadly defined collection of scenarios, how well
does your organization respond? Given that the scenarios cut across risk areas
through multiple contributing causes, how should your limited risk treatment
spend (mitigation) be allocated to ensure maximum effectiveness?