Developing a risk assessment based solely on COBIT would be sufficient if the
results were intended only to assist IT department governance decisions. However,
moving to a cloud environment may cause a paradigm shift in business processes,
so the IT business risk assessments must be shared, comprehended and jointly
governed by all affected business managers (C-level to business line managers)
from across the enterprise. The presentation of the cloud governance analysis needs
IT Goal 10
Ensure mutual
satisfaction of
third-party relationships
IT Goal 16 Reduce solution and service
delivery defects and rework
IT Goal 22 Ensure minimum business
impact in the event of an
IT service disruption or change
IT Goal 23 Make sure that IT services
are available as required
Business Goal 6 Establish Service
Continuity and Availability
DS2 PO8 AI4 AI6 AI7 DS10 PO6 AI6 DS4 D12 DS3 DS4 DS8 DS13
Business Goal 1
Provide a good return on
investment of IT-enabled
business investments
IT Goal 24
Improve IT’s cost efficiency
and its contribution to
business profitability
DS6 PO53. Governance in the Cloud 41
© 2 0 1 1 I S A C A . A l l R i g h t s R e s e r v e d .
to be formatted in a manner that is easily internalized and readily and continually
communicated to all affected departments.