IT Controls

IT Risks exist in every IT processes. Therefore, IT Controls should also be in place to mitigate or reduce the IT risk.

IT Controls are available in COBIT. COBIT is something like an IT standard. COBITS focused on 34 IT processes and define what are the controls that have to be in place for these processes.

For a simple illustration,
IT Risks-----> IT Processes------> IT Controls

• Infrastructure Risk-----> Plan & Organise (PO)--------> IT Plan
• Infrastructure Risk-----> Monitor & Evaluate (ME) ---->Supervisory Review
• Availability Risk -------->Deliver & Support (DS) ------>IT Continuity Plan
• Access Risk-------------> Deliver & Support (DS)------> IT Security Plan
• Integrity Risk----------> Acquire & Implement (AI)---> Change Standard, procedures
• Relevance Risk---------> Deliver & Support (DS)------> Business Requirements
  
  Therefore, every organisation needs to evaluate whether the IT controls is sufficient to address and mitigate the IT risks.