Selecting a discretionary IT risk management framework imposes defining spending limits, work assignments and information decisions for creating and managing a viable strategically aligned IT management plan. IT risk management frameworks considered for adoption should allow development of risk management processes. These IT processes should identify, assess, manage, and control potential events or situations to permit reasonable assurance objectives will be achieved. Specifically, an effective IT risk assessment will define the IT risk appetite, enhance IT risk response, reduce IT operational aberrations, identify and manage IT irregular and illegal act schemes, as well as improve IT capital deployment.
“View Part I of the Managing the Dynamic Uncertainties of IT series here“