IVI Framework Viewer

Governance

Establishes how IT risk management should be executed.

Capability Building Blocks

A1Policies for Risk Management
Define, implement, review, and make accessible risk management policies. Incorporate compliance requirements into risk management approaches.
A2Integration
Integrate IT risk management with IT leadership and governance structures, and with overall ERM policies and approaches.
A3Risk Management Programme and Performance Management
Identify risk management leadership responsibilities and accountability. Define risk management roles, responsibilities, and accountabilities in support of the programme's principles and guidance. Measure and report on the effectiveness and efficiency of risk management activities.
A4Communication and Training
Disseminate risk management approaches, policies, and results. Train stakeholders in risk management practices. Develop a risk management culture and risk management knowledge and skills.