IT Risk Management using Risk IT

IT Risk Management using Risk IT

Integrate IT risk into the overall enterprise risk management of the organisation

20-21 January 2010 (14-21u)
Location: Pullman Diegem (Diegem)
Presented in English by
Price: 1150 EUR (excl. 21% VAT)

This event is history, please check out the List of Upcoming Seminars, or send us an email

Check out our related in-house workshops:

 Learning Objectives

Why Focus on IT Risk ?

The current economy brings with it a new spectrum of IT-related business risk. Economic hard times, emerging technologies, the extended enterprises all create their own challenges for IT. The impacts of IT-related risk are also constantly increasing, such as those of a bank’s ATM network not being available, major project delays or failures, reputational impacts of the loss of confidential customer data, or missed business opportunities due to an inflexible enterprise architecture. These and other factors are driving many organisations to optimise the management of IT risk.

The Risk IT Framework

ISACA has launched the first version of the Risk IT framework on November 20, 2009. Risk IT is designed to help enterprises manage IT-related risk and to make appropriate risk-adjusted decisions. The framework explains IT risk and enables users to integrate IT risk into the overall enterprise risk management of the organisation; make well-informed decisions about the extent of risk, risk appetite and the risk tolerance of the enterprise; and understand how to respond to the risk.

The Risk IT framework is aligned with major Enterprise Risk Management standards and translates their principles for IT. IT Risk is considered very broadly and includes IT Benefit/Enablement risk, IT Program and Project Delivery Risk and IT Operations and Service Delivery Risk.

Workshop Objectives:

At the end of this 2-day practical workshop, participants will:

  • Understand the nature of IT risk and how it applies in their own organisations and the major principles of IT risk management
  • Understand the broad range of IT risks, beyond purely IT operational and IT security risks
  • Understand how the ISACA Risk IT process model can help them to manage IT risk
  • Have become familiar with the practical guidance and techniques available in the Risk IT Practitioner’s Guide to assist in practically implementing IT risk management
  • Have applied and practised all of the learning concepts in a practical and comprehensive case study

Workshop Format:

The workshop format is highly interactive with an emphasis on practical application of theory and techniques. This will be achieved through a mixture of short lecturing sessions and case study work:

  • The theoretical part, where Risk Management and the Risk IT Framework are explained in short sessions – this part will take 1/3 of the time.
  • A comprehensive case study, where all parts and techniques of IT Risk Management and Risk IT are applied, building upon the knowledge acquired during the session – this part will take 2/3 of the time

Who Should Attend this Workshop ?

This course will significantly benefit IT Managers, Enterprise Risk Managers, Corporate Security Officers, Information Security Officers and other Security Professionals, Auditors, Consultants and anyone who wants to gain insight and experience in risk management and the Risk IT Framework, in particular what it is and how to use it.

 Full Programme

The major topics of this workshop include:

  • IT risk, the link between IT Risk Management on one hand and IT governance and enterprise risk management on the other hand;
  • positioning of IT Risk between other risk management standards (ISO 31000, COSO ERM, etc);
  • the Risk IT framework and its components; risk responsibilities and accountabilities;
  • IT risk scenarios;
  • IT risk analysis;
  • risk response;
  • risk reporting and communication;
  • how to use existing best practice frameworks like CobiT and Val IT for effective IT Risk Management

The workshop content, consisting of some theory and many exercises, is spread over 2 days:

13.30h - 14.00h
Registration (first day). Welcome Coffee/Tea with Refreshments
14.00h - 21.00h
Full Programme of Workshop Day 1
  • General introduction to IT risk and Risk Management principles
  • IT Risk Management positioned in relation to IT Governance – positioning of Risk IT versus COBIT and Val IT in the IT Governance best practice landscape; discussion on how to combine the use these frameworks to achieve good IT Governance practices
  • Overview and short description of some major applicable standards and frameworks (COSO ERM, ISO31000)
  • The Risk IT Framework - discussion of the IT Risk Management process model and its components
  • Exercises: describe and document a risk management process and roles and responsibilities
  • Exercise: assess a risk management process
  • Wrap-up and Q/A
End of Workshop Day 1
13.30h - 14.00h
Welcome Coffee/Tea with Refreshments
Full Programme of Workshop Day 2
  • The Risk IT Practitioner Guide - discussion of this practical guide for IT Risk Management
  • Exercises: describe risk appetite and create a risk taxonomy
  • Exercise: define IT risk Scenarios and perform risk analysis
  • Exercise: define a risk response
  • Exercise: create risk profile of an organisation and develop a communication/reporting scheme.
  • Wrap-up and Q/A
End of the Workshop


Dirk Steuperaert (IT In Balance)
IT In Balance

Dirk Steuperaert is since early 2008 an independent consultant (IT In Balance BVBA). He provides training and advice on IT Governance and IT Risk Management issues.

Before this, Dirk worked for over 10 years with PricewaterhouseCoopers Belgium. He performed and lead multiple IT audits and IT Governance assignments.

Dirk started his career in IT with SWIFT, the global funds transfer network. Later he switched to IT Audit in SWIFT, in a large Belgian bank and with an international clearing house.

Dirk has been heavily involved in international ISACA activities during the last five years, including:

  • Member of the COBIT Steering Committee (ISACA's international committee overseeing and steering all COBIT developments) between 2004 and 2008.
  • Member of the Risk IT Task Force as project manager of the development team and lead developer.
  • Project Manager and Lead Developer of ISACA's COBIT 5 Framework.

Dirk is a well-appreciated instructor for COBIT, IT Governance and IT Risk related topics.

Dirk holds a master in engineering degree, a master in computer Auditing degree and holds the CISA, CGEIT and CRISC certifications.

Questions about this ? Interested but you can't attend ? Send us an email !