Risk Management of the IT Function

THIS CHAPTER INTRODUCES the concept of computer risks and exposures and develops an understanding of the major types of risk faced by the Information Technology (IT) function, including the sources and causes of such risk. It also emphasizes management’s role in adopting a risk position, which itself requires knowledge of the acceptable management responses to computer risks. One of the most fundamental influencing factors in IT auditing is corporate risk. This chapter examines the nature of risk and the corporate environment, and looks at internal audit’s need for appropriate risk analysis to enable risk-based auditing as an integrated approach. This structured approach covers the effect of computer risks, the common risk factors, and the elements required to complete a computer risk analysis.

Leadership involves making choices in the face of uncertainty. “Risk” is the possibility that one or more individuals or organizations will experience adverse consequences from those choices. Risk is the mirror image of opportunity.1


Ultimately, all entities encounter risk regardless of their size, corporate structure, nature of business, or type of industry. All business decisions involve elements of risk whether it is a decision regarding the financing of the business, addition or deletion of product lines, or the sources and methods of supply to the organization. All ...

Get Auditor's Guide to IT Auditing, Second Edition now with O’Reilly online learning.