| Share

New report from RIMS and ISACA Helps Organisations Bridge the Digital Risk Gap



Value and Benefits of Aligning Risk Management and Information Security Highlighted

Sydney, Australia, (16 September 2019)– IT and risk management professionals must speak the same language to more effectively incorporate the benefits and uncertainties associated with data and technology into the organisations’ overall strategy and to add value, according to a newly published, complimentary white paper from ISACA and RIMS, “Bridging the Digital Risk Gap: How Collaboration Between IT and Risk Management Can Enhance Value Creation.” The white paper can be found on ISACA’s website: here and RIMS website: here.
 
Technology has long been integral to the success of any organisation, but as the range of business applications and the pace of innovation have increased, so has the risk. The “Bridging the Digital Risk Gap” white paper outlines how the changing digital risk landscape, new regulatory requirements, and greater understanding of commonalities between IT and risk management make a strong case for aligning the two in order to realise significant benefits.
 
These benefits to an organisation include being:
  • Transparent, nimble and timely
  • Clearly defined in roles, accountability and decision-making authority
  • Forward-looking in its risk assessment and benefit analyses (and not primarily resource based)
  • Aligned to broader mission and strategy objectives
 
Additionally, the report highlights ISACA’s Risk IT Framework and how to integrate both IT and risk management frameworks that each department uses, such as the U.S. National Institute of Standards and Technology (NIST) Cybersecurity Framework into the technology life cycle.
 
“Because of expanding digital risk landscapes, risk management and cybersecurity capabilities are also evolving as a corresponding horizontal competency. Lack of, or poorly thought out, digital enterprise strategies can torpedo an organisation’s mission and overall objectives.” stated Carol Fox, RIMS VP of strategic initiatives and contributor. “Likewise, failed implementations that do not deliver expected value to the organisation, whether due to scope creep, budget overages or unrealistic expectations can damage the viability of organisations, as much as security risks related to data breaches and expropriation of intellectual property.”
 
“When enterprises examine the evolving risk environment and the benefits that can come from integrating risk management and IT, it becomes very clear that this collaboration is important to the overall business-risk portfolio,” said Paul W. Phillips, III, CISA, CISM, technical research manager at ISACA and a contributing author to the white paper. “This kind of strategic coordination can bring many positive outcomes, including better incident response and improved information protection.”
 
The report also includes RIMS’ Enterprise IT Risk Management Responsibility Assignment Matrix that shows organisations how they can visualise the roles within the IT ecosystem and the cross-functional expertise required, as well as a map for ISACA’s Risk IT Framework and the RIMS Maturity Model (RMM). The map emphasises the alignment between each domain in ISACA’s Risk IT Framework and the seven attributes of the RMM.
 
“Collaboration between IT and risk management professionals facilitates strategic alignment of resources and promotes the creation of value across an enterprise. Understanding one another’s world is the first step for building a constructive and symbiotic relationship,” added Fox. “In doing so, IT and risk management professionals can leverage their knowledge and resources to better inform decision makers on how business strategies and objectives can benefit from IT capabilities, and spur investment in new technology.”
 
To read the free white paper, visit www.isaca.org/digital-risk-gap or RIMS Bridging the Digital Risk Gap. More information about IT and risk management can be found at www.isaca.org/Knowledge-Center/ and https://www.rims.org/resources/strategic-enterprise-risk-center.
 
About ISACA
Now in its 50th anniversary year, ISACA® (isaca.org) is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by information and technology, and ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organisations. ISACA leverages the expertise of its 460,000 engaged professionals—including its 140,000 members—in information and cyber security, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI® Institute, to help advance innovation through technology. ISACA has a presence in more than 188 countries, including more than 220 chapters worldwide and offices in both the United States and China.
 
Twitter: www.twitter.com/ISACANews
LinkedIn: www.linkedin.com/company/isaca
Facebook: www.facebook.com/ISACAHQ
Instagram: www.instagram.com/isacanews/
 
About RIMS
As the preeminent organisation dedicated to promoting the profession of risk management, RIMS, the risk management society®, is a global not-for-profit organisation representing more than 3,500 industrial, service, nonprofit, charitable and government entities throughout the world. Founded in 1950, RIMS is committed to advancing risk management capabilities for organisational success, bringing networking, professional development and education opportunities to its membership of more than 10,000 risk management professionals who are located in more than 60 countries. For more information on RIMS, visit www.RIMS.org.
 
Twitter: www.twitter.com/rimsorg
LinkedIn: www.linkedin.com/company/rimsorg
Facebook: www.facebook.com/rimsorg
Instagram: www.instagram.com/rimsorg
 
Contact:
Julie Fenwick, +61 468 901 655 jfenwick@daylightagency.com.au