Welcome » IT Booklets » Management » IT Risk Management Process » IT Controls Implementation » Operations
Senior management should be aware of and mitigate the operational/transactional risks associated with IT operations. Financial institutions and their service providers may have one or more IT operations groups. The number and types will vary from organization to organization. Common examples are data center or computer operations, network services, distributed computing, personal or desktop computing, change management, security, resource management, and contingency planning.
Many operations functions have significant risk factors that need effective management and control. For example, system and security administrators have powerful levels of control over the systems they operate or manage. Institutions should record and review audit trails and logs of system and security administrator activities to control the risk exposure. Additional information on this topic is available in the IT Handbook's "Operation's Booklet."