Title: CRISC Mind Map for Effective Risk Governance
www.infosectrain.com
RISK GOVERNANCE

Establish Enterprise Strategy: Board of Directors
    Example: Defining the company's risk appetite
Formulate Strategic Plans: Senior Management
    Example: Developing a risk management framework
Implement Business Operations and Processes: Business units
    Example: Executing risk assessment procedures
Apply Risk Guidance: Risk Management
    Example: Implementing risk mitigation strategies
Perform Risk Monitoring: Risk Management
    Example: Continuous risk tracking and reporting
Report to Board of Directors: Reporting
    Example: Annual risk reports
Provide information for Senior Management: Reporting
    Example: Quarterly risk status updates
RISK GOVERNANCE OBJECTIVES

Establish and maintain a common risk view
    Establish a common view of risk for the enterprise
        Example: Creating a unified risk language and framework
    Determine controls to mitigate risk
        Example: Implementing encryption for data security
    Integrate controls into business processes and information security
        Example: Regular security audits in IT projects
Integrate risk management into the enterprise
    Enforce a holistic enterprise risk management (ERM) approach
        Example: ERM software deployment across departments
    Require integration of risk management across all functions and locations
        Example: Local compliance officers in each branch
    Ensure compliance with a baseline level of risk management
        Example: Regular security audits in IT projects
Make risk-aware business decisions
    Consider the full range of opportunities and their effects
        Example: Risk vs. reward analysis for new investments
    Require risk analysis periodically or with significant environmental changes
        Example: Reassessing risk portfolio after market fluctuations
Ensure risk management controls are implemented and operating correctly
    Oversee and monitor to ensure the effectiveness of risk controls
        Example: Quarterly control effectiveness reviews
    Mitigate risk and protect organizational assets
        Example: Insurance coverage for critical assets