Welcome » IT Booklets » Operations » Risk Mitigation and Control Implementation
Management should implement a control environment consistent with its risk assessment. Sound IT operations controls are grounded in policies, standards, and procedures that provide for:
Risk mitigation involves creating a sound control environment that reduces internal and external threats to the institution's tolerance level and establishes a structured environment for IT operations. Examples of controls include policies and procedures related to personnel and operations, segregation of duties and dual controls, data entry controls, quality assurance programs, industry certification, and operating thresholds and parameters. While not a control, insurance can be an effective risk mitigation tool. Management should balance controls against business operations requirements, cost, efficiency, and effectiveness.