IT Risk Management Framework Essay

Words: 998
Pages: 4

4.3 PO9 Assess and Manage IT risks

4.3.1 PO9.1 IT risk management framework

IT risk management framework is a necessary framework for every successful enterprise. So the City Medical Partners also need their own IT risk management framework. IT risk management framework can avoid the future risks and it also can gain the benefits. And the IT risk management framework need to fit with the risk management objectives of the enterprise - City Medical Partners. The example for risk classifications:
Strategic
Programme
Project
Operational
The new risks must be recorded. So if the same risk is happened again, then people can handle it efficiently and effectively.

4.3.2 PO9.2 Establishment of risk context

Establish
…show more content…
So it is necessary to establish an IT governance framework. The IT governance need to manage the IT resources by processing strategic plan, making decision and performance the measurement, etc. Building this IT governance framework need to create an IT strategy committee. The people who are in the IT strategy committee should provide policy guidance for risk management. They will also provide the organization funding. There should have a committee group. This group can review the IT performance. The framework and the IT process should avoid the issues and the troubles. It also need to ensure the framework complies with the local laws and regulations.

4.4.2 ME4.2 Strategic alignment

The IT strategy committee will manage the IT management and it will make ensure the objectives and strategy have the same business operations. The IT and the business must have the trust and confidence between them. It will help them to establish the good strategies for decision making. 4.4.3 ME4.3 Value delivery

There are some proper architectures which are needed between the IT and the business that can gain the benefits. These architectures are standardizing to avoid complexity and costs. The IT strategy committee need to find some ways to add the value for the organization when they meet with business. And they also need understand their IT expectations. It is very important to help the organization to understand what the customers’