IT Risk Management in the enterprise using CobiT 5

The purpose of the paper is to demonstrate how to manage IT risks in an enterprise using an IT Governance framework such as the CobiT 5 and Balanced Scorecard (BSC) method integrated within this framework. The BSC method will help business and IT management build business strategy based on the stakeholder needs as well as generate relevant IT strategy. The CobiT 5 framework offers generic models for BSC/IT BSC strategic maps and links them to IT processes. A company of any size and industry can use such models and adapt them to its business practice. Mapped IT processes and aligned with business and IT goals are the basis for identifying possible IT risks as well as the likelihood of their occurrence and consequences for business. These tools were used within a specific institution for the purpose of this research. The research method is mainly based on the interviews with the business executives, process owners, Chief Information Officer, IT managers and the security manager.