Does your organization use any tools or software applications to support ITRM (e.g., GRC tools)?
How would you compare the effectiveness of your organization's ITRM with that of your competition?
(% participants responding 'ours is more effective')
- IT risk governance and compliance monitoring and reporting
- Business drivers, regulatory requirements and (IT) risk strategy
- Organization/Risk identification and profiling/Policies and standards
- Process, risk and control framework
- Risk processes and operational procedures
How are other businesses managing IT risks?
Adoption of ITRM: In the IT Risk Agenda Survey we investigated the degree of adoption of ITRM. We found that over one third of the organizations had a well-established program and that almost a quarter had only recently implemented an ITRM program.
Which of the following best describes the ITRM program in your organization?
Use of ITRM tools: We found that the more mature the ITRM program is within an organization, the more likely it is that the organization uses tools.
The perceived value of ITRM: We asked the participants in the IT Risk Agenda Survey to rate the effectiveness of their ITRM processes against that of their competitors. The results show that organizations with 'mature' ITRM rate the effectiveness of ITRM much more highly than peers.
How can you manage IT risks?
ITRM work needs to be far-reaching and thorough. The evolving nature of the IT risk landscape means that organizations must continuously monitor whether they have become significantly 'out of step' with the nature of today's threats and whether, in comparison to their industry peers, they are vulnerable to reputational and brand asset damage.
We think organizations should ask themselves the following questions to begin putting ITRM into action:
Taking action: next steps to improve and implement ITRM
After reading this article, could you answer the questions below for your organization?
Enabling business performance
- What are the typical risks in your industry impacting your business performance?
- How important is ITRM as part of your overall risk management?
- Do you understand how better ITRM can improve the performance of your business?
Focus on the IT Risks that matter
- Do you understand the mode that (parts of) your organization are in: ‘factory’, ‘strategic’, ‘support’, or ‘turnaround’? What are the key risk areas?
- How do the 6 mega trends in IT risk affect the IT risks your organization is facing?
- Do you have an accurate perspective on the use of mobile devices and social media by your employees in conducting their work, especially with regard to the flow of company data and potential data leakage?
Your ITRM program
- How prepared is your company management to embrace IT risk as a firmwide challenge? Are you focusing on your key risks and do you direct your spend to the risks that matter?
- Are you continuously evaluating IT risks?
- Does your ITRM program cover all the components discussed on pages 12 and 13 of this report?
- Are you aware of the maturity of your ITRM program? What needs to be done to bring your program to the next level?
- What role can enabling technologies play in your ITRM program?