Over the past number of years, investment in IT has increased steadily, and this growth looks set to continue significantly in the years to come. Business processing has become increasingly automated and organisations have become highly dependent on IT.
As a result, it’s now more necessary than ever for organisations to put formal IT governance and internal control processes in place to manage the significant risks involved with this dependence.
Recognising this, the King Code of Governance Principles (King III) issued by the South African Institute of Directors in 2009 states, “IT should form an integral part of the company’s risk management” (principle 5.5).
Our Information Risk Management methodology – based on the Information Systems Audit and Control Association’s (ISACA) IT Risk methodology – focuses on assessing organisational risk as it relates to your business objectives.
Our Information Risk Management services are designed to provide you with a structured and managed process to:
- Assess information risk as it relates to your business objectives, opportunities and compliance
- Design a risk management plan including risk response, initiatives and responsibilities
- Implement and manage this plan, focusing on the integration of risk management into daily activities
- Enable communication between information risk management and other risk committees
The key phases in our methodology include: