Where Is Your Risk Assessment?

One of the few analyses that are overlooked in most IT departments is a comprehensive risk assessment.

A risk assessment should identify, analyze, and weigh all the potential risks, threats and hazards to a company’s internal and external business environment. 

The process of identifying risks/threats, probability of occurrence, the vulnerability to each risk/threat and the potential impact that could be caused, is necessary to prepare preventative measures and create recovery strategies.  Risk identification provides a number of other advantages to a company including: 

  • Exposes previously overlooked vulnerabilities that need to be addressed by plans and procedures
  • Identifies where preventative measures are lacking or need reevaluation
  • Can point out the importance of contingency planning to get staff and management on board
  • Will assist in documenting interdependencies and point out single points of failures

An effective risk management process is an important component of a company’s MIS department. The principal goal is to protect a company and its ability to perform its mission, not just its IT assets. Therefore, the risk management process should not be treated primarily as a technical function carried out by the IT, but as an essential management function of the organization.

Risk is the net negative impact of the exercise of vulnerability, considering both the probability and the impact of occurrence. Risk management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level. This assessment provides a foundation for the development of an effective risk management program, containing both the definitions and the practical guidance necessary for assessing and mitigating risks identified within IT systems. The ultimate goal is to help a company better manage IT-related mission risks.

About these ads

One thought on “Where Is Your Risk Assessment?

  1. Good post and an important topic for IT leadership.

    Another thought to consider is the importance of getting diverse input on the matter. If the IT group, or any group, just looks at this themselves, then they can overlook risks that others might see. The Black Swan book also provides some very important and interesting thoughts to consider too.

Please leave a comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s