Having established the need for IT governance, the benefits of proactive management of the IT risk portfolio and having explored each of the seven classes of IT risk, we now turn to examine other enterprise risks and the relationship with IT.
You can't put a fence around IT risk and separate it from the remainder of your organization's activity. IT is intimately associated with a range of business activities that are sources of risk and, as such, has a key part to play in the control environment. IT risk managers must team with those managing enterprise risks from other perspectives – in their line roles or as functional specialists – to ensure IT risks are given the right priority and that opportunities for IT systems and services to assist in managing risks of different types are leveraged.
Furthermore, at a general level, IT can facilitate the wiring-up, locking-down and constant surveillance of your business, and specifically in the domain of risk management information systems, IT will be relied on for advanced risk analytics and reporting.
Finally we examine IT risk management reliance on a range of other organization capabilities for effective preparation, defence and response: from the strategy-setting role of the business leaders to the physical security role of the building and facilities staff – down to and literally including the janitor!
Divergent perspectives are healthy and ensure completeness in the coverage of enterprise risks, ...