Risk Management using COBIT

In addition to the two COBIT 5 processes that deal specifically with risk, EDM03 Ensure Risk Optimisation and APO12 Manage Risk, there is an additional COBIT 5 guide, COBIT 5 for Risk, which deals with two perspectives: the risk function and the risk management process.

The risk function perspective describes how the COBIT 5 enablers can be used to implement effective and efficient risk governance and management. The COBIT 5 for Risk guide contains a wealth of practical examples of artefacts from the risk management process.

The COBIT 5 generic enablers are Stakeholders, Goals, Life-cycle and Good Practices. They provide a general perspective of what the risk function should consider when fulfilling its responsibilities. More specific guidance can be found in the seven enablers themselves:

  1. Principles, Policies and Frameworks
  2. Processes
  3. Organisational structures
  4. Culture, Ethics and Behaviour
  5. Information
  6. Services, Infrastructure and Applications
  7. People, Skills and Competencies.

The ITGN combines this knowledge into an approach to risk management which is both effective and efficient. As with all processes, the risk management function and its processes are designed to achieve specific outcomes that align with the business's goals and the organisation's strategic objectives. The ITGN approach combines the best practices of COSO and ISO 31000 with the COBIT 5 risk management knowledge pool to build capability in managing risk in accordance with the ISO 15504 standard for capability improvement.

Core to any risk management function is adding value. The ITGN assists organisations by:

  • clarifying the value proposition for managing risk,
  • identifying the required process activities that support the delivery of value, and
  • determining the key risk management responsibilities.

POPI Risk Assessment

The COBIT 4 Maturity Model can provide management with an initial, high-level view of the current level of organisational maturity.

Free POPI Risk tool

PAIA Preparation

Illustration of the process and a management system for the implementation of COBIT 5.


IT Legal Register

Used to perform the capability assessment and manage the subsequent improvement of the IT organisation.


POPI Management System

Managing the IT function and continuously improving its capability.


POPI Capability Assessments

COBIT 5 capability assessments are highly subjective and depend entirely on the assessor's IT knowledge and experience.

The ITGN has the skill, experience and tools needed to ensure reliable results.

POPI Management System

Improve your IT organisation's efficiency and effectiveness with a management system to coordinate and continuously improve the operational practices.
POPI Expertise

IT governance experts are available to assist establish, implement and improve the governance of IT based on the ISO 38500 standard and COBIT 5 good practices.