Businesses to benefit from combining IT and risk management


Monday, 16 September, 2019

Information technology (IT) and risk management professionals must collaborate in order to get the most out of their organisation’s data and technology and more effectively mitigate potential dangers, according to a new white paper.

The paper, released by IT governance association ISACA and the Risk Management Society (RIMS), outlines how the changing digital risk landscape, new regulatory requirements and increasing commonalities between IT and risk management make a ‘strong case’ for aligning the two teams to achieve organisation-wide benefits, such as greater transparency, accountability, decision-making abilities and alignment with the organisation’s overarching mission.

To help organisations integrate IT and risk management teams, ISACA has embedded its Risk IT Framework in the paper. The framework groups risk management into three domains — risk governance, evaluation and response — with the domains’ interactions guiding risk management activities, information exchange between processes and performance management within the overall business objectives.

“Because of expanding digital risk landscapes, risk management and cybersecurity capabilities are also evolving as a corresponding horizontal competency. Lack of, or poorly thought out, digital enterprise strategies can torpedo an organisation’s mission and overall objectives,” said RIMS Vice President of Strategic Initiatives and white paper contributor Carol Fox.

“Likewise, failed implementations that do not deliver expected value to the organisation, whether due to scope creep, budget overages or unrealistic expectations, can damage the viability of organisations, as much as security risks related to data breaches and expropriation of intellectual property.”

ISACA Technical Research Manager Paul W Phillips III, CISA, CISM, added: “This kind of strategic coordination can bring many positive outcomes, including better incident response and improved information protection.”

The report also includes RIMS’ Enterprise IT Risk Management Responsibility Assignment Matrix that shows organisations how they can visualise the roles within the IT ecosystem and the cross-functional expertise required, as well as a map for ISACA’s Risk IT Framework and the RIMS Maturity Model (RMM). The map emphasises the alignment between each domain in ISACA’s Risk IT Framework and the seven attributes of the RMM.

“Collaboration between IT and risk management professionals facilitates strategic alignment of resources and promotes the creation of value across an enterprise. Understanding one another’s world is the first step for building a constructive and symbiotic relationship,” Fox added.

“In doing so, IT and risk management professionals can leverage their knowledge and resources to better inform decision-makers on how business strategies and objectives can benefit from IT capabilities and spur investment in new technology.”
