Risk Control
Completing and presenting the Quick Risk Assessment Framework usually creates a need for further investigation. This need is often expressed in a question such as:
How do I know whether we are safe or not?
Our answer to this question is the Risk Control Framework.
This framework is separated into two (2) main components, along the demarcation lines of governance and management. The reason for this is that both governance and management need to deal with risk. However, the activities are rather different at each level.
We also created two sub-frameworks within this overall risk control framework. These frameworks do not follow the governance/management demarcation. They span both areas, providing practical solutions fitting the incorporated entity's operational requirements. These sub-frameworks are the
- Risk Assessment Framework and
- Risk Response Framework.
The diagram below depicts one component of Risk Management within the Risk Control Framework:
Using a framework like this is beneficial, because it
- Provides clarity (both directors and managers can see what they need to do)
- Enables a strategic approach to information security
- Identifies current and potential risks and their sources
- Generates an overall risk picture (or profile) for the organisation
- Fosters the creation or improvement of the risk management organisation within the incorporated entity.
For relevant capabilities please read the Security Audit section in the Assessment category here, and the Risk and Compliance Management sections in the Management category here.
If we can assist you in any way, please feel free to contact us for further information. Our consultants will be happy to assist you with your enquiry.