Configure COBIT 5 Risk Framework
01-13-2021 02:03 PM
#grc
Description: As a Risk management process Owner, I need the COBIT 5 risk framework installed so that I have an initial risk framework to build from.
Acceptance Criteria: I know this story is complete when I see the COBIT 5 Information in the Instance.
Can anyone help?
Labels: Policy and Compliance Management
01-13-2021 11:33 PM
01-14-2021 12:17 AM
Hello Phoebe,
I would recommend using the UCF integration and pulling the UCF COBIT5 content from them into your ServiceNow IRM/GRC module (you need to demonstrate you have a valid ISACA licence for COBIT5). It would bring the Authority Document, the Citations and the Control Objectives.
You can easily recreate the Risk Statements, as these are not directly included. There are several sources, including at ISACA, that can provide you the list of COBIT5 Risks in an Excel format, easy to import into the Risk Statements table.
Then you have to map those Risk Statements to your COBIT5 Control Objectives.
Then you have to scope - Entity Classes / Types - your COBIT5 Processes and the supporting technology Assets (CMDB) and assign the correct Control Objectives / Risk Statements to these Entity Classes. Not as complex as it is expressed though.
We are experienced in implementing this kind of content / architecture. If needed, contact me at Eric@IRM.Expert
Eric