COBIT 5 compliance: best practices cognitive computing risk assessment and control checklist

Purpose - The purpose of this paper was to develop a comprehensive best practices checklist that can be used by governing bodies to identify and evaluate an enterprise’s risk exposure around cognitive systems (CSs) and formulate mitigating internal controls that can address these risks. Design/methodology/approach - COBIT 5 was scrutinised to identify the processes which are necessary for the effective governance of CSs. The applicable processes were used to identify significant risks relating to cognitive computing (CC), as well as to develop a best practices control checklist. Findings - The research output developed was a best practices checklist and executive summary that would assist enterprises in evaluating their CC risk exposure and assess the adequacy of existing controls. The first checklist highlights the incremental risk exposure which needs to be addressed. To evaluate the effectiveness of the cognitive computing control structure, a best practices checklist was developed that can be used by internal auditors and risk and audit committees. An executive summary was developed to highlight the key focus areas that governing bodies need to consider. Practical implications - The checklist provides a tool to assess the enterprises’ risk exposure, evaluate the existing CC control mechanisms and identify areas that require management attention. Originality/value - The checklists and executive summary developed provides enterprises with a comprehensive checklist that can be used, while at the same time allowing them to discharge their responsibility in terms of King IV.