CRISC - Certified in Risk and Information Systems Control term definition - Part 30

Last updated 12:28 AM on 11/13/22

20 Terms

1
IT governance framework
A model that integrates a set of guidelines, policies and methods that represent the organizational approach to IT governance.
2
IT Governance Institute® (ITGI®)
Founded in 1998 by the Information Systems Audit and Control Association (now known as ISACA). ITGI strives to assist enterprise leadership in ensuring long-term, sustainable enterprise success and to increase stakeholder value by expanding awareness.
3
IT incident
Any event that is not part of the ordinary operation of a service that causes, or may cause, an interruption to, or a reduction in, the quality of that service.
4
IT infrastructure
The set of hardware, software and facilities that integrates an enterprise's IT assets. Specifically, the equipment (including servers, routers, switches and cabling), software, services and products used in storing, processing, transmitting and displaying all forms of information for the enterprise’s users.
5
IT investment dashboard
A tool for setting expectations for an enterprise at each level and continuous monitoring of the performance against set targets for expenditures on, and returns from, IT-enabled investment projects in terms of business values.
6
IT risk
The business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise.
7
IT risk issue
1. An instance of IT risk. 2. A combination of control, value and threat conditions that impose a noteworthy level of IT risk.
8
IT risk profile
A description of the overall (identified) IT risk to which the enterprise is exposed.
9
IT risk register
A repository of the key attributes of potential and known IT risk issues. Attributes may include name, description, owner, expected/actual frequency, potential/actual magnitude, potential/actual business impact, disposition.
10
IT risk scenario
The description of an IT-related event that can lead to a business impact.
11
IT steering committee
An executive-management-level committee that assists in the delivery of the IT strategy, oversees day-to-day management of IT service delivery and IT projects, and focuses on implementation aspects.
12
IT strategic plan
A long-term plan (i.e., three- to five-year horizon) in which business and IT management cooperatively describe how IT resources will contribute to the enterprise’s strategic objectives (goals).
13
IT strategy committee
A committee at the level of the board of directors to ensure that the board is involved in major IT matters and decisions.
14
IT tactical plan
A medium-term plan (i.e., six- to 18-month horizon) that translates the IT strategic plan direction into required initiatives, resource requirements and ways in which resources and benefits will be monitored and managed.
15
IT user
A person who uses IT to support or achieve a business objective.
16
ITIL (IT Infrastructure Library)
The UK Office of Government Commerce (OGC) IT Infrastructure Library. A set of guides on the management and provision of operational IT services.
17
IT-related incident
An IT-related event that causes an operational, developmental and/or strategic business impact.
18
Information
An asset that, like other important business assets, is essential to an enterprise’s business. It can exist in many forms. It can be printed or written on paper, stored electronically, transmitted by post or by using electronic means, shown on films, or spoken in conversation.
19
Inputs and outputs
The process work products/artifacts considered necessary to support operation of the process. Inputs and outputs enable key decisions, provide a record and audit trail of process activities, and enable follow-up in the event of an incident. They are defined at the key management practice level, may include some work products used only within the process and are often essential inputs to other processes. The illustrative COBIT 5 inputs and outputs should not be regarded as an exhaustive list since additional information flows could be defined depending on a particular enterprise’s environment and process framework.
20
Investment portfolio
The collection of investments being considered and/or being made.