IT Risk Management: From IT Necessity to Strategic Business Value
With information technology becoming an increasingly important part of every enterprise, managing IT risk has become critically important for CIOs and their business counterparts. However, the complexity of IT makes it very difficult to understand and make good decisions about IT risks. CISR research has identified four business risks - Availability, Access, Accuracy, and Agility - that are most affected by IT. Since nearly every major IT decision involves conscious or unconscious tradeoffs among the four IT risks, IT and business executives must understand and prioritize their enterprise's position on each. Three core disciplines - IT foundation, risk governance process, and risk-aware culture - constitute an effective risk management capability. Enterprises that build the three core disciplines manage risk more effectively, and their business executives have a better understanding of their IT risk profile and risk tradeoffs. When done well, IT risk management matures from a set of difficult compliance and threat-reduction activities to become a true source of agility and business value.
MIT Sloan School of Management Working Paper 4658-07
IT-related risk, IT governance, IT architecture, business agility