IT Risk Management Process
IT controls result from an effective risk assessment process. Therefore, the ability to mitigate IT risks depends on risk assessments. Senior management should identify, measure, control, and monitor technology to avoid risks that threaten the safety and soundness of an institution. The institution should (1) plan for use of technology, (2) assess the risk associated with technology, (3) decide how to implement the technology, and (4) establish a process to measure and monitor risk that is taken on. All organizations should have:
This process will typically require a higher level of formality in more complex institutions with major technology-related initiatives.
The risk identification and management process for technology-related risks is not complete without consideration of the overall IT environment in which the technology resides. Management may need to consider risks associated with IT environments from two different perspectives: