
Business risks fuse with IT risks - Business risks overlap IT risks - Ernst & Young - Global

Business risks fuse with IT risks

Business risks overlap IT risks





We've identified 11 significant risk categories in the larger IT risk universe.

Managing IT risk is less about just IT and more about managing risks for the whole business. Get to know the evolving IT risk landscape.

IT risks are firmly linked to business risks

Let's start thinking about how business risks overlap IT risks by looking at examples. Banking and technology are two industries where business risks overlap IT risks. The charts below, from The Ernst & Young Business Report 2010, illustrate this point.

The banking sector has a generic 'IT risks' category (green star) while the technology sector focuses more specifically on 'data risks' (orange star).

Banking

Most of the business risks have a strong link to IT risks

  • Regulatory risk. How will regulators respond to the increasing threat of IT risk?
  • Geopolitical shocks. What is your exposure to these shocks?
  • How responsive is your IT organization?
  • Reputation risk. How would a cyber attack affect your reputation and brand?
  • Control failures. Could gaps or weaknesses in IT controls and security be contributing factors?
  • IT risk. How will you address the key risk areas of security, resilience and data leakage?

Technology

Most of the business risks have a strong link to IT risks

  • Expansion in emerging markets. Does increasing your company's footprint add to the challenge of business continuity?
  • Reshaping the business. How much would your IT risk profile change?
  • Shared services centers. Would this increase the risks to security and IT sourcing?
  • IP and data security. Are you covered against data leakage, loss and rogue employees?
  • Selective acquisitions and effective integration. How successful are your investments if you are not able to integrate the IT environment of an acquired company?

The risk exposure

Moving away from specific examples in banking and technology, we've identified 11 significant risk categories in the larger IT risk universe.

  1. Third-party suppliers and outsourcing
  2. Programs and change management
  3. Security and privacy
  4. Physical environment
  5. Staffing
  6. Operations
  7. Data
  8. Infrastructure
  9. Applications and databases
  10. Legal and regulatory
  11. Strategy Alignment

Information technology risk management (ITRM) provides the overall risk and control framework that enables the most important control objectives for IT:

  • Efficiency
  • Compliance
  • Confidentiality
  • Integrity
  • Availability

The business environment and ITRM

IT risks have evolved over the years, as illustrated in the chart at the right.

Some of the key risks to focus on and their implications for ITRM are:

  • Trends like business process outsourcing (BPO), cloud computing and IT outsourcing are all creating greater dependency on third parties. Therefore managing business continuity — and ensuring the availability of IT facilities — has additional external dimensions and complexities.
  • Events like the WikiLeaks incidents, identity theft and mobile computing are forcing companies to focus more on data leakage risks.
  • EU data protection directives are helping companies take action against increased cybercrime, phishing and online fraud.

For fast-moving companies, reliance on effective ITRM is considerable. They understand that an IT risk incident imperiling data and undermining consumer confidence could threaten their very existence.

Cybercrime is a highly unpredictable risk and has inevitably drawn increasing governmental regulation and oversight scrutiny.

