Evaluate IT GRC framework

We ask You to fill out the questionnaire about the presented framework's completeness. Under each Process flow, You can leave comments/feedback.

1. Is the Issue management complete regarding Direct process flow?

Process name Definitely include Maybe include Maybe exclude Definitely exclude
1) Manage issues
dealing with cases/issues/events which have not been declared as a risk/involving a risk
2) Update risks
issue that turned out to be risk has to be described for risk management to be able to deal with (identify, mitigate, etc) this in the future.
3) Update internal controls
internal controls as a main driving force in a system, need to be up to date and relevant
4) Value delivery
„is about executing the value proposition throughout the delivery cycle, concentrating on optimizing costs and providing the intrinsic value of IT” [Krey, 2010]

2. Is the Issue management complete regarding Evaluate process flow?

Process name Definitely include Maybe include Maybe exclude Definitely exclude
1) Value delivery
„ensuring that IT delivers the promised benefits against the strategy” [Krey, 2010].

3. Is the Issue management complete regarding Report process flow?

Process name Definitely include Maybe include Maybe exclude Definitely exclude
1) Produce prioritized matrix/heatmaps
reporting the situation of the system/department etc using heatmaps
Progress
Previous page