Dear friends, 

Here are the balance (remaining) mnemonic words for Chapter 1 of ISCA.

I have also uploaded word files for Chapter 1 and Chapter 4. Kindly download and do the reformatting as per your convenience, and shorten the length if possible so that you can carry it anywhere easily.

Risk Management :

IS risks can be in the form of inadequate disclosure, increasing electronic frauds, etc.

IT-based information systems are subject to inherent risks.

Inherent risks are risks which cannot be eliminated but can be mitigated by appropriate security/ controls.

Risk management is ‘Assessing risks’ and ‘Reducing to an acceptable level’ through appropriate security/ controls.

Controls are classified as Preventive, Detective and Corrective  

Appropriate security/ controls assure that –

  • CIA (Confidentiality, Integrity and Availability) of data is maintained
  • Access to data is restricted to authorized users only
  • Computer facilities are available at all times

Sources of Risks :  LEH  New Trekking  Mission

  • Legal and Commercial Relationships     
  • Economic circumstances   
  • Human behavior  
  • Natural events   
  • Technology and Technical issues   
  • Management activities 

Terms / Definition :

  • Assets
  • Vulnerability
  • Threat
  • Exposure
  • Likelihood
  • Attack
  • Risk
  • Residual Risk

Reasons for Gap between Need to protect system and protection applied : HIDE & U C ME  (Prof. Jignesh Chheda)

  • External dangers from Hackers    
  • Inter connectivity of systems  
  • Devolution of management & control   
  • Elimination of Time, Distance, Space constraints    
  • Widespread Use of technology   
  • Unevenness of technological Changes   
  • Growing potentials for Misuse   

Risk Management Strategies : AE’S  Means International  (T5)

  • Accept the Risk / Tolerate     
  • Eliminate the Risk / Terminate    
  • Share the Risk / Transfer  
  • Mitigate the Risk / Treat
  • Ignore the Risk / Turn Back    

Key Governance practices - Risk Management : EDM

  • Evaluate – Risk Management     
  • Direct – Risk Management     
  • Monitor  – Risk Management     

Key Management practices - Risk Management : CA - PAAR

  • Collect Data      
  • Analyse Risk      
  • Maintain Profile of Risk
  • Articulate Risk
  • Define Action Portfolio of Risk management
  • Respond to Risk     

Key Metrics of Risk Management :  Critical  Incidents in  EU (European Union)

  • % of Critical business process covered by risk assessment    
  • Number of IT related Incidents not identified in risk assessment
  • % of Enterprise risk assessments
  • Frequency of Updating risk profile  

Key Management practices of IT Compliance :  Indian Originated CO.

  • Identify External compliance requirement      
  • Optimize response to External requirement
  • Confirm External compliance
  • Obtain assurance of External compliance

Key Metrics for assessing compliance with External laws :  Cancel RAC

  • Cost of IT non-compliance (settlement fines)     
  • Reporting to the board of IT non-compliance
  • Non compliance related to Agreement with IT service providers
  • Coverage of compliance assessment

Key Metrics for compliance with Internal Policies :  India – US  Friends

  • Incidents related to non-compliance to policy     
  • % of stakeholders who Understand policies
  • % of policies supported by effective Standards  
  • Frequency of policies review


Need for use of COBIT 5 by enterprises :  BREV Captain

  • Development of  Business focused IT solutions     
  • Reduce IT related risks 
  • Enterprise wide involvement in IT related activities 
  • Value creation from use of IT
  • Compliance with Laws & regulations

5 Principles of COBIT 5 :  MCA  Enabling  Success

  • Meeting Stakeholders needs     
  • Covering Enterprise End-to-End
  • Applying a Single Integrated framework 
  • Enabling a Holistic approach
  • Separating Governance from Management

7 Enablers of COBIT 5 :  PPF  Processes OC  Into SP

  • Principles, Policies and Framework - translate desired behaviour into practical guidance for day-to-day management
  • Processes - describe an organized set of practices to achieve certain objectives
  • Organizational structures - are the key decision-making entities in the enterprise
  • Culture, Ethics and Behaviour of individuals - often underestimated as a success factor
  • Information - is pervasive throughout the organization
  • Services, Infrastructure and Applications - provide the enterprise with information technology processing and services
  • People, Skills and Competencies - are linked to people and are required for successful completion of all activities and for taking corrective decisions

Components in COBIT 5 :  Full Pest Control in Mahindra & Mahindra

  • Framework - Organizes IT governance objectives and good practices and links them to business requirements
  • Process Descriptions - ‘Reference process model’ and ‘Common language’ for everyone in the organization
  • Control Objectives - Provide a set of high-level requirements for effective control of each IT process
  • Management Guidelines - Help assign responsibilities, agree on objectives and measure performance
  • Maturity Models - Assess maturity and capability per process and help to address gaps

Benefits of COBIT 5 :  High Court Banned OMG! Movie

  • Enables IT to be governed in a Holistic manner for the entire organization, taking in the full end-to-end business
  • Comprehensive Framework enables the enterprise in achieving its objectives
  • Enables increased Business user satisfaction and clear policy development
  • Enables the enterprise to create Optimal value from IT by maintaining a balance between realizing benefits and optimizing risk levels
  • Enables the enterprise to Manage IT related risks and ensure compliance
  • Generic Framework, hence useful for enterprises of all sizes, whether Commercial, Non-profit or Public sector

Goals used to measure successful Implementation of GRC :  Reliance CEO  Sacked by Reliance Chairman

  • Redundant (extra) controls - Reduction     
  • Control failures in key areas - Reduction     
  • Expenditure related to Legal, Regulatory areas - Reduction     
  • Overall time for audit of key business areas - Reduction     
  • Streamlining of processes and time reduction through automation      
  • Reporting of compliance issues and remediation in timely manner   
  • Compliance status and key issues to senior management on real time basis   

Several Key components evaluated by Internal auditor for Effective IT governance :  Law Of  Pakistan Requires  Controls & Performance

  • Performance Measurement - Review the system in place to measure the outcome
  • Controls - Review the key controls that are defined by IT to manage its activities
  • Risks - i) Review the processes to identify, assess and mitigate risks within the organization; ii) Accountability of the person responsible for Risk Management
  • Processes - Review IT process activities and the controls in place to mitigate risks to the organization
  • Organizational structure - i) Review how Management and IT personnel are communicating across the organization
  • Leadership - i) Assess involvement of IT leadership in the organization’s strategic goals; ii) Review roles and responsibilities assigned within the IT organization


Published by

Parag Sambhaji Shinde
(Management Trainee)