Objectives, Risks, and Controls

Published: April 25, 2008

Governance provides the principles, structures, and decision rights needed to carry out an organization’s key objectives and priorities in the context of the requirements and risks of the organization. Governance is defined in the Manage Layer, but it is integrated throughout all of the phases.

Management reviews (MRs) introduce the appropriate level of governance, risk, compliance, and change management to Operate Phase activities. Every company will need to evaluate laws and regulations to determine its own policies and thus its own compliance controls. However, the MRs still provide management controls, and compliance can be evaluated at these points of the lifecycle.

The following table provides examples of how management objectives for this phase can be related to risk and then to controls that help manage those risks. By clearly linking objectives, risks, and controls, an IT organization will be more effective and compliant and will more efficiently gather and maintain documented evidence of its control environment and risk management.

Table 6. Operate Phase Objectives, Risks, and Controls

| Objective | Risk | Control |
| --- | --- | --- |
| Ensure that each deployed IT service is operated to the level agreed to in its operating level agreements (OLAs) and SLAs | IT services fail to meet OLA or SLA obligations | Operational Health MR |
| Ensure that each deployed IT service is supported to the level agreed to in its SLA, and restored to health when it fails | Inadequate support results in poor customer experience | Operational Health MR |
