IT Risk Management: From IT Necessity to Strategic Business Value

Title: IT Risk Management: From IT Necessity to Strategic Business Value
Author(s): Westerman, George
Type: Working Paper
Topic(s): IT-related Business Risk
Comments: 1
Date: 2006-12-29
Abstract: With information technology becoming an increasingly important part of every enterprise, managing IT risk has become critically important for CIOs and their business counterparts. However, the complexity of IT makes it very difficult to understand and make good decisions about IT risks. CISR research has identified four business risks--Availability, Access, Accuracy, and Agility--that are most affected by IT. Since nearly every major IT decision involves conscious or unconscious tradeoffs among the four IT risks, IT and business executives must understand and prioritize their enterprise's position on each. Three core disciplines--IT foundation, risk governance process, and risk-aware culture--constitute an effective risk management capability. Enterprises that build the three core disciplines manage risk more effectively, and their business executives have a better understanding of their IT risk profile and risk tradeoffs. When done well, IT risk management matures from a set of difficult compliance and threat-reduction activities to become a true source of agility and business value.


May 15, 2012

useful topic
