ISACA launches business risk guide

Framework aims to help firms avoid IT pitfalls

The ISACA Risk IT Framework document helps businesses balance IT risk

The Information Systems Audit and Control Association (ISACA), an IT governance body, has launched its Risk IT Framework, a document it describes as "the first global IT-related risk framework to provide a comprehensive view of the business risks associated with IT initiatives."

The Risk IT Framework is a free-to-download, 107-page document, which
ISACA says builds on its globally recognised Control Objectives for Information and related Technology (COBIT) framework for IT governance, to provide a missing link between conventional enterprise risk management and IT risk management and control.

ISACA Risk IT taskforce chairman and developer Urs Fischer said that Risk IT would save time, cost and effort by providing a clear method to focus on IT-related business risks such as late project delivery, compliance, misalignment, obsolete IT architecture and IT service delivery problems.

"It provides the guidance to help executives and management ask the key questions, make better risk-adjusted decisions and guide their enterprises so that risk is managed more effectively," he said.

The UK government-funded business advice portal Business Link highlights the benefits of risk evaluation on its web site: " Businesses that have identified the risks will be better prepared and have a more cost-effective way of dealing with them." it says.

ISACA said it developed Risk IT in response to member and industry demand. The framework and its supporting documentation was drawn up by IT and business experts in Europe and North America.