Bring Your Own Device (BYOD) involves allowing employees to use their own mobile devices to access their organisations’ networks. Many organisations are embracing this trend as a means to cut information technology (IT) expenditure, enhance employee satisfaction, etc. However, these and other benefits come at a cost in the form of exposing an organisation to new risks. The aim of this research was to assist organisations to identify the incremental risks they could potentially encounter if they implement a BYOD programme and how they can reduce the risks directly related to BYOD to an acceptable level. An extensive literature review was performed to identify the risks which arise as a result of the adoption of a BYOD programme. COBIT 5 was identified as the most appropriate framework which could be used to develop possible safeguards to mitigate the incremental risks associated with a BYOD programme to an acceptable level. Safeguards were developed to address the risks.

Bring Your Own Device; BYOD; strategic risks; operational risks; COBIT 5; internal controls