Businesses to benefit from combining IT and risk management
Information technology (IT) and risk management professionals must collaborate in order to get the most out of their organisation’s data and technology and more effectively mitigate potential dangers, according to a new white paper.
The paper, released by IT governance association ISACA and the Risk Management Society (RIMS), outlines how the changing digital risk landscape, new regulatory requirements and increasing commonalities between IT and risk management make a ‘strong case’ for aligning the two teams to achieve organisation-wide benefits, such as greater transparency, accountability, decision-making abilities and alignment with the organisation’s overarching mission.
To help organisations integrate IT and risk management teams, the ISACA has embedded ITS Risk IT Framework in the paper. The framework groups risk management into three domains — risk governance, evaluation and response — with the domains’ interactions guiding risk management activities, information exchange between processes and performance management within the overall business objectives.
“Because of expanding digital risk landscapes, risk management and cybersecurity capabilities are also evolving as a corresponding horizontal competency. Lack of, or poorly thought out, digital enterprise strategies can torpedo an organisation’s mission and overall objectives,” SAID RIMS Vice President of Strategic Initiatives and white paper contributor Carol Fox.
“Likewise, failed implementations that do not deliver expected value to the organisation, whether due to scope creep, budget overages or unrealistic expectations, can damage the viability of organisations, as much as security risks related to data breaches and expropriation of intellectual property.”
ISACA CISA, CISM and Technical Research Manager Paul W Phillips III added: “This kind of strategic coordination can bring many positive outcomes, including better incident response and improved information protection.”
The report also includes RIMS’ Enterprise IT Risk Management Responsibility Assignment Matrix that shows organisations how they can visualise the roles within the IT ecosystem and the cross-functional expertise required, as well as a map for ISACA’s Risk IT Framework and the RIMS Maturity Model (RMM). The map emphasises the alignment between each domain in ISACA’s Risk IT Framework and the seven attributes of the RMM.
“Collaboration between IT and risk management professionals facilitates strategic alignment of resources and promotes the creation of value across an enterprise. Understanding one another’s world is the first step for building a constructive and symbiotic relationship,” Fox added.
“In doing so, IT and risk management professionals can leverage their knowledge and resources to better inform decision-makers on how business strategies and objectives can benefit from IT capabilities and spur investment in new technology.”
An AI tool developed by RMIT can prescribe the best physical working conditions for staff.
The pressure is on for businesses to rapidly establish a new model, with many employees resistant...
The federal government says the hub will help regional Australians overcome the barriers they...