IVI Framework Viewer

Governance

Capability Building Blocks

A1 Risk Management Principles and Policies
Define the principles that underpin the organization's approach to risk management. Define, review, make accessible, and comply with risk management policies.
A2 Risk Management Programme
Provide leadership direction in relation to the risk management programme and the organization's risk appetite and risk tolerance. Establish and maintain a plan/strategy that outlines the scope and overall approach of the risk management effort.
A3 Governance Structures
Establish risk management governance structures. Outline the composition and scope of risk management governance bodies, decision rights, and authorization. Identify and establish reporting arrangements, issue escalation protocols, roles in complying with obligations and overseeing governance activities, and rules to govern and control the application of risk management authority within the organization.
A4 Integration
Integrate IT risk management with digital leadership and governance structures, and with overall Enterprise Risk Management (ERM) policies and approaches.
A5 Roles, Responsibilities, and Accountabilities
Complete job and business process designs to identify the required roles for risk management tasks, and assign employees with the requisite knowledge and experience to the identified roles. Define and allocate the associated responsibilities and assign accountabilities to those who will be answerable for the achievement of risk management objectives.
A6 Skills and Competence Development
Establish and make available a risk management training curriculum and other employee development mechanisms to enhance skills and competences. Record employee participation in risk management training and development initiatives, and recognise and acknowledge their achievements (e.g. courses completed, certifications, skills and competence levels acquired).
A7 Culture and Stakeholder Management
Establish a risk-aware culture. Motivate and secure stakeholder support, buy-in, and ownership of key risk management initiatives.
A8 Communication and Performance Reporting
Inform stakeholders of key developments (e.g. objectives, policies, approaches, activities, risks, and outcomes) to build a shared understanding of how they can contribute to the realization of risk management objectives. Report on the effectiveness/efficiency of the risk principles, policies, controls, strategy, and activities.