ISACA: COBIT for Basel II (final version)

CobiT | Compliance
ISACA USA announces the availability of the final version of "IT Control Objectives for Basel II: The Importance of Governance and Risk Management for Compliance". The document can be downloaded (by members) in PDF format (1 M, 105 pp) or purchased online in the printed version (20 dollars for members, 50 for others). On 16 May 2007 ISACA had published the first draft of the document, of which I had translated the table of contents, the preface and the executive summary.

Table of contents of the document

  • Preface
  1. Executive Summary
    • Scope and Purpose
    • How to Read This Document
  2. Governance, Risk Management and Compliance:
    • Top Business Priorities
  3. Evolving Regulatory Landscape
  4. The Basel II Approach to Managing Risk
  5. The Need to Manage Operational Risk
    • Risk Management Approaches
    • Framework for Operational Risk Management
    • COSO Components
    • Operational Risk Principles and IT Relevance
  6. Managing Information Risks
    • IT Guiding Principles
    • Causes of Loss and IT Risk
    • IT Risk Scenario Analysis
  7. Business Processes to IT Risks to IT Controls:
    • Applying the COBIT Framework
    • Use of Existing Documentation
    • The Business Line Approach in Basel II
    • Defining IT Risk
    • Defining IT Controls
  8. Use of Key IT Risk Indicators
  • Appendix I—Basel II Summary
  • Appendix II—High-level Alignment of COSO ERM and Basel II
  • Appendix III—High-level Alignment of Basel II Principle 1: The Second Pillar—Supervisory Review Process (June 2006) and COSO ERM—Integrated Framework (September 2004)
  • Appendix IV—The Dependence of the COSO ERM Framework on Data Quality
  • Appendix V—Basel II and COBIT
  • Appendix VI—COBIT Processes
  • Appendix VII—ABC Bank: A Worked Example
  • Appendix VIII—References