MPCS - Project Management Resources

IT Risk

Information Technology (IT) Risk Management

IT risk management is the application of risk management to the information technology context in order to manage IT risk, i.e.:

The business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise

IT risk management can be considered a component of a wider Enterprise risk management system.

The establishment, maintenance and continuous update of an Information Security Management System (ISMS) provide a strong indication that a company is using a systematic approach for the identification, assessment and management of information security risks.

Different methodologies have been proposed to manage IT risks, each of them divided into processes and steps.

According to Risk IT, IT risk encompasses not only the negative impact of operations and service delivery, which can destroy or reduce the value of the organization, but also the benefit/value-enabling risk associated with missed opportunities to use technology to enable or enhance the business, and the risk in IT project management of aspects such as overspending or late delivery with adverse business impact.

Because risk is strictly tied to uncertainty, decision theory should be applied to manage risk as a science, i.e. rationally making choices under uncertainty.

Generally speaking, risk is the product of likelihood times impact (Risk = Likelihood * Impact).

The measure of an IT risk can be determined as the product of threat, vulnerability and asset values:

Risk = Threat * Vulnerability * Asset

IT risk is a part of business risk—specifically, the business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise. It consists of IT-related events that could potentially impact the business. It can occur with both uncertain frequency and magnitude, and it creates challenges in meeting strategic goals and objectives.

Management of business risk is an essential component of the responsible administration of any organization. Due to IT’s importance to the overall business, IT risk should be treated like other key business risks.

The Risk IT framework explains IT risk and enables users to:

  • Integrate the management of IT risk with the overall ERM
  • Compare assessed IT risk with risk appetite and risk tolerance of the organization
  • Understand how to manage the risk
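The two scoring formulas given above (Risk = Likelihood * Impact and Risk = Threat * Vulnerability * Asset) and the Risk IT bullet about comparing assessed risk with the organization's risk appetite and risk tolerance can be worked through on a small risk register. The following Python is an added example, not code from the MPCS page or from the Risk IT framework; the 1-5 ordinal scales, the asset names and scores, the appetite and tolerance thresholds, and the accept/monitor/treat labels are all constructed assumptions for illustration.

```python
from dataclasses import dataclass
from typing import List, Tuple

# The three Risk IT categories named on the page.
CATEGORIES = (
    "benefit/value enabler",
    "program/project delivery",
    "operation and service delivery",
)


@dataclass(frozen=True)
class RiskItem:
    """One line of a constructed IT risk register (assumed 1-5 ordinal scales)."""
    asset: str
    category: str
    threat: int         # 1-5: likelihood that a threat acts on the asset
    vulnerability: int  # 1-5: weakness of the controls protecting the asset
    asset_value: int    # 1-5: business value of the asset

    def __post_init__(self) -> None:
        if self.category not in CATEGORIES:
            raise ValueError(f"unknown Risk IT category: {self.category}")
        for v in (self.threat, self.vulnerability, self.asset_value):
            if not 1 <= v <= 5:
                raise ValueError("threat, vulnerability and asset value use a 1-5 scale")


def risk_from_likelihood_impact(likelihood: int, impact: int) -> int:
    """Risk = Likelihood * Impact, the general formula quoted on the page."""
    return likelihood * impact


def risk_from_tva(item: RiskItem) -> int:
    """Risk = Threat * Vulnerability * Asset, the IT risk formula quoted on the page."""
    return item.threat * item.vulnerability * item.asset_value


def classify(score: int, appetite: int, tolerance: int) -> str:
    """Compare an assessed score with appetite (level willingly accepted) and
    tolerance (maximum deviation borne before the risk must be treated)."""
    if appetite > tolerance:
        raise ValueError("risk tolerance must be at least the risk appetite")
    if score <= appetite:
        return "accept"
    if score <= tolerance:
        return "monitor"
    return "treat"


def build_register(items: List[RiskItem], appetite: int, tolerance: int
                   ) -> List[Tuple[str, str, int, str]]:
    """Score every item, classify it, and rank the register highest risk first."""
    rows = []
    for it in items:
        score = risk_from_tva(it)
        rows.append((it.asset, it.category, score, classify(score, appetite, tolerance)))
    rows.sort(key=lambda r: r[2], reverse=True)
    return rows


def needs_treatment(register: List[Tuple[str, str, int, str]]) -> List[str]:
    """Assets whose assessed risk exceeds tolerance and so require a response."""
    return [asset for asset, _, _, action in register if action == "treat"]


# Constructed sample register; the scores are illustrative, not measured values.
SAMPLE_ITEMS = [
    RiskItem("customer database", "operation and service delivery", 4, 3, 5),  # 60
    RiskItem("ERP upgrade project", "program/project delivery", 3, 4, 4),      # 48
    RiskItem("internal wiki", "operation and service delivery", 3, 2, 1),      # 6
    RiskItem("unadopted e-invoicing", "benefit/value enabler", 2, 3, 3),       # 18
]
APPETITE = 10   # constructed threshold: scores at or below this are accepted
TOLERANCE = 30  # constructed threshold: scores above this must be treated

if __name__ == "__main__":
    for asset, category, score, action in build_register(SAMPLE_ITEMS, APPETITE, TOLERANCE):
        print(f"{score:3d}  {action:8s} {asset} ({category})")
```

The register ranks the constructed items as customer database (60, treat), ERP upgrade project (48, treat), unadopted e-invoicing (18, monitor) and internal wiki (6, accept); the point of the comparison step is that the same score can be acceptable in one organization and require treatment in another, because appetite and tolerance are set by the business, not by the IT department.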

IT risk is to be managed by all the key business leaders inside the organization: it is not just a technical issue of the IT department.

IT risk can be categorized in different ways:

IT Benefit/Value enabler

Risks related to missed opportunities to increase business value through IT-enabled or improved processes.

IT Program/Project delivery

Risks related to the management of IT-related projects intended to enable or improve the business, i.e. the risk that these projects run over budget, are delivered late, or are not delivered at all.

IT Operation and Service Delivery

Risks associated with the day-to-day operations and service delivery of IT that can cause issues or inefficiency in the business operations of an organization.

The Risk IT framework is based on the principles of enterprise risk management standards/frameworks such as COSO ERM and ISO 31000. In this way, IT risk can be understood by upper management.

   © Copyright MPCS. All rights reserved.