
Research on Enterprise IT Risk Governance Based on Risk IT Framework

Posted on: 2011-12-05 | Degree: Master | Type: Thesis
Country: China | Candidate: G X Luo
GTID: 2199330332481983 | Subject: Technical Economics and Management
Abstract/Summary:
With the rapid development of technology and the advance of economic globalization, IT has come to pervade every aspect of enterprise business operations and processes, and has become a key factor in critical business processes. However, the more an enterprise relies on IT, the higher the risk it takes on. Because of the 2008 economic crisis, the global economic environment has changed dramatically, and people have begun to be aware of the importance of risk management. Enterprise risk management awareness has increased gradually since the economic crisis and has become a new trend in business development. After the financial crisis, the urgent need to unify risk awareness, how to control IT risks, and how to establish IT risk management mechanisms have become problems that cannot be avoided. Unfortunately, most businesses have not established systematic, rational standards for an IT risk governance framework and process to deal with IT risk. In China, enterprises lack IT risk awareness and appropriate IT risk governance frameworks and methods because IT risk governance there is underdeveloped.
In order to create value consistently through IT and reduce the risks associated with the expected objectives, it is necessary to do some research on corporate IT risk management frameworks and methods. Corporate governance should be extended to the IT field, and enterprises should create a sound IT governance framework, especially an IT risk governance framework, providing IT with the necessary leadership, organizational structure and related processes to ensure that IT can support the enterprise strategy and achieve the corporate strategic goals. This article refers to COBIT, the current internationally recognized information technology audit and control standard, and is based on the Risk IT framework released by ISACA in December 2009, together with IT risk portfolio theory and enterprise IT governance best practices, to study IT risk governance frameworks and methods. This can benefit enterprises in risk identification, risk analysis, risk assessment and risk response; it will enable enterprises gradually to understand and become familiar with IT risk governance methods and processes, promote the development of IT risk governance, improve the overall efficiency and effectiveness of risk governance, and finally gain a core competitive advantage.
There are six parts to this thesis. Chapter one describes the background and significance of this research, and introduces the research status, ideas and framework. Chapter two introduces the definition of IT risk and IT risk portfolio theory, emphasizes the importance of using a universal method to govern IT risk, proposes a detailed IT risk classification, and discusses the impacts of IT risk; it then introduces the concepts and main contents of IT risk governance, and finally explains the related perspectives on IT risk governance, which provide the theoretical cornerstone for the further study in this paper. Chapter three analyses the essential components, the definitions and the importance of the three core domains of the Risk IT framework, which are the risk governance, risk assessment and risk response domains. Chapter four is the most important part of the thesis. It focuses on the establishment of the Risk IT framework and explains the processes of the risk governance, risk assessment and risk response domains, which can help enterprises understand the relationships among the three core domains; it then proposes management guidelines and maturity models for each core domain, allowing enterprises to understand the content and significance of the Risk IT framework more profoundly. Chapter five selects a typical case of IT risk governance from the perspective of overall enterprise management and, combined with a specific IT risk assessment methodology, interprets Company A's establishment of the Risk IT framework. Chapter six summarizes the main work and innovative views of this thesis, along with its current problems and prospects.
Keywords/Search Tags: IT Risk, Risk Governance, Risk IT Framework