Chapter 6. Risk Management of the IS Function

This chapter introduces the concept of computer risks and exposures and develops an understanding of the major types of risk faced by the information system (IS) function, including both the sources and the causes of such risk. It also emphasizes management’s role in adopting a risk position, which in turn requires knowledge of the acceptable management responses to computer risks. One of the most fundamental influencing factors in IS auditing is corporate risk. This chapter examines risk, its nature, and the corporate environment, and looks at the internal audit need for appropriate risk analysis to enable risk-based auditing as an integrated approach. This structured approach covers the effect of computer risks, the common risk factors, and the elements required to complete a computer risk analysis.

Leadership involves making choices in the face of uncertainty. “Risk” is the possibility that one or more individuals or organizations will experience adverse consequences from those choices. Risk is the mirror image of opportunity.[1]

Nature of Risk

Ultimately, all entities encounter risk regardless of their size, corporate structure, nature of business, or type of industry. All business decisions involve elements of risk whether it is a decision regarding the financing of the business, addition or deletion of product lines, or the sources and methods of supply to the organization. All these ...
