I'm reading the ICT Operations Assurance Framework (pdf) as that most affects me in a support role.
Some Notes & Quotes:
---
"The Chief Executive remains accountable for the successful delivery of their ICT Operations and for ensuring risks are managed and kept at an acceptable level."
Rob England would like this. Governors govern. The CIO might be responsible for getting stuff done - it's the CE that is accountable for ICT. The ISO standard for IT Governance is ISO38500 - it's actually titled "Governance of IT". Governance occurs outside of IT, and is done to IT; it is not something that IT does. The CE can't abdicate accountability, putting everything on the CIO, any more than they can dodge unsafe working areas by blaming the facilities manager.
---
Seems very much focused on risk identification ... negative risks only (haven't seen anything regarding positive risks)
---
There is a diagram titled "Risk Universe" which is really a list of ITIL processes - this is noted as such - seems a little strange to list the processes as the embodiment of risk areas. I guess it's one way of compartmentalizing where risks occur. A problem remains with areas that are not covered by ITIL - which is quite considerable (Rob England again).
---
"One of the key objectives of the ICT Assurance framework is to improve system-wide ICT risk management and assurance through lifting capability."
I like that - managing risk through improving capability.
---
A risk maturity model is due in 2014 sometime - will include a maturity assessment tool. That'll be interesting too.
---