ISACA Shares Top Drivers for Implementing Risk IT

New Risk Framework to be Discussed at ISACA Conference

Rolling Meadows, IL, USA (11 March 2009) — Managing risk is a task that all IT executives need to perform effectively, especially in the current economic climate. To assist these executives with risk management, the IT Governance Institute (ITGI) will be issuing the new Risk IT framework, which will be discussed at ISACA’s EuroCACS conference in Frankfurt next week. According to ISACA, a non-profit association serving 86,000 IT governance professionals, the top eight drivers for implementing a new Risk IT framework are:

  • The need for an accurate view of current and near-future IT-related risks
  • The need for end-to-end guidance on how to manage IT-related risks
  • To get an understanding of how to capitalise on the investment made in an IT internal control system already in place
  • To be able to integrate IT risk management with the overall risk and compliance structure within the enterprise
  • The need to promote risk ownership (responsibility for risk) throughout the organisation
  • To be able to make well-informed decisions about the extent of IT risk, the risk appetite and the risk tolerance of the organisation
  • To be able to understand how to respond to IT risks
  • To allow the organisation to make appropriate risk-adjusted decisions

Urs Fischer, ISACA/IT Governance Institute (ITGI) IT ERM Project Leader and Head of Corporate IT Governance and Risk Management at Swiss Life, comments, "Risk IT provides the missing link between enterprise risk management (ERM) and IT risk management and control, fitting in the overall IT governance framework of the IT Governance Institute and building upon all existing risk-related components within the COBIT and Val IT frameworks."

Urs Fischer will be discussing the need for risk management and ITGI’s upcoming Risk IT framework at EuroCACS 2009, organised by ISACA from 15-18 March 2009 at the Intercontinental Hotel in Frankfurt, Germany.

Alongside Urs Fischer, Michael Morgenthaler, Deputy Data Protection Officer at SAP AG, will be looking at the contradictory requirements of data protection and privacy legislation at home and away, as well as how to manage and handle personal data under EU laws.

Also in the IT Risk Management and Compliance stream, Adam Bosnian from Cyber-Ark will be discussing how to make privileged identities auditable in order to meet security policies and compliance regulations, giving real-world examples.

Adam Bosnian, VP Marketing and Product Development, said, “With so many recent public breaches being attributed to badly managed privileged IDs and with the recent audit guidelines being introduced, we are going to see companies and Government departments having to pay more attention to managing privileged IDs.”

Other speakers in this stream include: Stephane Geyre, Corporate Head of Risk Management at Reed Elsevier; Gaelle Pertuiset, Corporate Risk Management at Reed Elsevier; and Stefan Weiss, Director of KPMG Germany.

EuroCACS will feature 40 sessions divided into four streams: Information Security, IT Risk Management and Compliance, IT Audit, and IT Governance.

EuroCACS attendees can also register for workshops on topics such as using the COBIT and Val IT frameworks, and spreadsheet auditing.

The registration fee for the conference is US $2,374 for ISACA members and US $2,612 for nonmembers. Attendees can earn up to 40 continuing professional education hours. Additional information is available at www.isaca.org/eurocacs.

Founded in 1969, ISACA (www.isaca.org) sponsors international conferences, publishes the ISACA Journal, develops international information systems auditing and control standards, and administers the Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), and the new Certified in the Governance of Enterprise IT (CGEIT) designations.

Darshna Kamani, Eskenzi PR