Risk management, at its core, is a simple concept, but is often extremely difficult to implement and maintain. For information technology managers, it’s an increasingly important skill.
Its key precepts are to identify risks to your business, to assess those risks by determining their potential impact and their likelihood of occurrence, and then to take steps to mitigate the risks to an acceptable level.
Market, credit, and operational risks have traditionally been a part of the corporate decision-making process, as they are easily quantifiable and measurable items. IT risk, however, has often been excluded from the boardroom. That’s due in part to the difficulty of measuring direct financial impact to both IT infrastructure and the business itself.
However, we are now in an age where the processes of capturing, storing, and retrieving information is the foundation upon which most of the world currently operates. Since information is now the dominant force and the most valuable asset for many modern companies, managers can no longer afford to ignore or downplay IT and the risks associated with it.
The U.S. National Institute of Standards and Technology expounds on this newfound importance of IT risk management in a special publication: “The principal goal of an organization’s risk management process should be to protect the organization and its ability to perform their mission, not just its IT assets. Therefore, the risk management process should not be treated primarily as a technical function carried out by the IT experts who operate and manage the IT system, but as an essential management function of the organization.”
No comments:
Post a Comment