IVI Framework Viewer

Risk Coverage

B2

Establish the breadth of IT risk categories and asset classes that are addressed by risk management activities.

Improvement Planning

Practices-Outcomes-Metrics (POM)

Representative POMs are described for Risk Coverage at each level of maturity.

1Initial
  • Practice
    Rely on the best endeavours of available personnel.
    Outcome
    _
    Metric
    _
2Basic
  • Practice
    Establish a process in the IT function for identifying the critical areas to be included in Risk Management activities.
    Outcome
    The most important risk areas are identified and managed.
    Metric
    # of risk areas managed.
3Intermediate
  • Practice
    Establish an agreed and documented process by which the IT function and some other business units can identify the critical risk areas to be managed.
    Outcome
    The critical risk areas are jointly and consistently agreed by IT and some other business units and can be prioritized for Risk Management activities.
    Metric
    # of risk areas managed.
4Advanced
  • Practice
    Involve IT and all other business units in selecting the risk areas to be addressed in Risk Management activities.
    Outcome
    The critical risk areas are jointly and consistently agreed organization-wide and can be prioritized for Risk Management activities.
    Metric
    # of risk areas managed.
5Optimized
  • Practice
    Continually revise the process for identifying the risk areas to be managed.
    Outcome
    Frequent reviews of the risk landscape ensure that the most relevant risk areas are identified for Risk Management activities.
    Metric
    # of risk areas managed.