Audience for Info collected about several KRI, in regard to a financial app

 A risk practitioner has collected several IT-related key risk indicators related to the core financial application. These would MOST likely be reported to:"

  • Executives / Business Leaders – ⚠️ Likely but not most likely. They care about risk impacts, but not raw IT KRIs directly. Usually they get aggregated risk reports, not technical KRIs.

  • IT Management – ✅ They are responsible for implementing mitigation and controls. Not administrators as they are responsible for technical operations rather than managerial oversight of the IT. 

  • Compliance/Audit – ✅ Likely but not most likely. They may require visibility for oversight and reporting obligations but they receive KRIs to review and assure that management is doing its job, and not as part of their day-to-day operations. .

  • Finance department – ⚠️ Not usually directly, unless they are stakeholders in the risk decision or require reporting for regulatory purposes. They are affected by the risk, but they don’t typically act on IT controls.




Comments

Post a Comment

Popular posts from this blog

CRISC Exam Preprations

 As I am preparing myself for the exam, I will be jotting down my thoughts and the ideas I come across about CRIS exam here, as a practice for myself, and hope they will be useful for some too. 
Read more

Risk Management Plan

 Risk Management Plan is discussed in: Domain 1 "RISK GOVERNANCE"  section B.1:    Enterprise Risk Management and Risk Management Framework. Question came up about the initial stages of Risk Management Planning. I mistakenly thought, it would be establishing ownership of identified risks. But NO! Before that, you need to need identify context and extent of the program. How could I be so foolish and think so? I assumed with planning, we have already the context and extend already, and thought it was not part of Risk Management Plan.. but boy I was wrong... This is type of things you get wrong when doing CRISC questions. Now Risk Management Plan, according the the AI:    Developing a robust risk management program involves a systematic approach. Here are the typical stages involved: 1. Establishing the Context: Define Objectives and Scope: Clearly articulate the organization's goals and the specific areas the risk management program will cover. This sets th...
Read more