Midterm IT Audit and Control Flashcards
(12 cards)
What are the components of risk management?
- Components of Risk Management
- Multitiered Risk Management
- Tier One—Organization View
- Tier Two—Mission/Business Process View
- Tier Three—Information Systems View
- Trust and Trustworthiness
- Organizational Culture
- Relationship Among Key Risk Concepts
What is the definition of trust in the context of risk management?
Trust is an important concept related to risk management.
What is trustworthiness?
An attribute of a person or organization that provides confidence to others of the qualifications, capabilities, and reliability of that entity.
What factors influence the degree of trust in a partnership?
- Missions, goals, and objectives of the partners
- Criticality/sensitivity of activities
- Risk tolerance of organizations
- Historical relationship among participants
True or False: The degree of trust among entities is a static quality.
False
What does trustworthiness of information systems express?
The degree to which information systems can preserve the confidentiality, integrity, and availability of information.
What are two factors affecting the trustworthiness of information systems?
- Security functionality
- Security assurance
Define organizational culture.
The values, beliefs, and norms that influence the behaviors and actions of members within an organization.
What happens when a risk management strategy is inconsistent with organizational culture?
It is likely to be difficult, if not impossible, to implement.
What role do senior leaders play in risk management?
They set the direction and influence how risk is managed based on existing values and priorities.
What is the relationship among key risk concepts?
Risk-related concepts like risk tolerance, trust, and culture all impact risk management.
List the key interrelated concepts in risk management.
- Governance
- Risk Tolerance
- Trust
- Culture
- Investment Strategy
