Risk statement, Risk, Control objective, Control

Munny1
Tera Expert

Hi @SANDEEP DUTTA @Ankur Bawiskar ,

Can someone help, since I am new to IRM?

I want to understand the difference between the following, with a few examples from an IT Risk Department perspective based on the banking sector:
1. Control objective and control (name and description)

2. Risk statement and risk (name and description)

 

 


SANDEEP DUTTA
Tera Patron

Hi @Munny1 ,

Let's take an example of a SOX requirement for a company from an IT Risk Department perspective.

 

We are trying to mitigate a

Risk: SOX-IT-Changes to production application systems and programs are not properly authorized, tested, approved, implemented and documented

Risk Statement: SOX-IT-Changes to production application systems and programs are not properly authorized, tested, approved, implemented and documented

By applying:

Control Objective: SOX-SAP-15 Dev/Test/Prod Environments

Control: SOX-SAP-15 Dev/Test/Prod Environments

 

Financial institution specific:

Risk / Risk Statement: SOX-RR-Revenue not recognized in the proper period

Control / Control Objective 1: SOX-RR-24 Non-US Deferred Revenue Reconciliation

Control / Control Objective 2: SOX-RR-15 US Revenue Checklist

 

 

by applying the following control:

 

Thanks,
Sandeep Dutta

Please mark the answer correct & helpful, if I could help you.

Hi @SANDEEP DUTTA ,

 

Thanks for your response.

 

I understood that, technically, when we apply an entity type to a risk statement or control objective, the risks or controls will be generated automatically with the same name.

 

But if we want to register a risk for a risk statement manually, as per the example below.

In a similar way, a control objective and control example is required.

 

Risk: "System Downtime"
Risk Statement: "Due to outdated IT infrastructure, there is a risk of system downtime within the financial reporting system during peak

Hi @Munny1 ,

Your organization will tell you which control you need to apply for that risk.

 

Thanks,
Sandeep Dutta

Please mark the answer correct & helpful, if I could help you.

Hi @Munny1 ,

 

Thanks,
Sandeep Dutta

Please mark the answer correct & helpful, if I could help you.