Pengelolaan Risiko Organisasi: Penilaian Risiko I&T berdasarkan COBIT (Bag.2)

Penilaian risiko I&T bertujuan agar dapat melihat risiko-risiko yang secara signifikan mempengaruhi pencapaian tujuan organisasi. Berdasarkan COBIT 5 for Risk terdapat beberapa hal yang diperhatikan untuk melakukan penilaian risiko seperti tipe risiko, kategori risiko serta faktor risiko, yang digunakan sebagai informasi awal untuk membangun skenario risiko dan kontrol risikonya.

1. Tipe Risiko
   1. IT benefit / value enablement risk
      Risiko berkaitan dengan manfaat atau nilai risiko TI terhadap peningkatan efisiensi dan efektivitas pencapaian tujuan organisasi
   2. IT programme and project delivery risk
      Risiko berkaitan program dan proyek risiko TI yang memberikan kontribusinya sebagai solusi bisnis
   3. IT operations and service delivery risk
      Risiko terkait dengan stabilitas operasional, ketersediaan, perlindungan dan pemulihan layanan
2. Kategori Risiko
   1. Portfolio establishment and maintenance
      
   2. Programme/ projects life cycle management (programme/ project initiation, economics, delivery, quality and termination)
   3. IT investment decision making
   4. IT expertise and skills
   5. Staff operations (human error and malicious intent)
   6. Information (data breach: damage, leakage and access)
   7. Architectural (vision and design)
   8. Infrastructure (hardware, operating system and controlling technology) (selection/ implementation, operations and decommissioning)
   9. Software
   10. Business ownership of IT
   11. Supplier selection/performance, contractual compliance, termination of service and transfer
   12. Regulatory compliance
   13. Geopolitical
   14. Infrastructure theft or destruction
   15. Malware
   16. Logical attacks
   17. Industrial action
   18. Environmental
   19. Acts of Nature
   20. Innovation
3. Faktor Risiko
   1. Faktor Kontekstual
      1. Internal
         1. Enterprise goals and objectives
         2. Strategic importance of IT in the enterprise
         3. Complexity of IT
         4. Complexity of the enterprise
         5. Degree of change
         6. Change management capability
         7. The risk management philosophy
         8. Operating model
         9. Strategic priorities
         10. Culture of the enterprise
         11. Financial capacity
      2. External
         1. Market/economic factors
         2. Rate of change in the market in which the enterprise operates
         3. Competitive environment
         4. Geopolitical situation
         5. Regulatory environment
         6. Technology status and evolution
         7. Threat landscape

Sumber: COBIT 5 for Risk