Posted by: Robert Davis
Adaptive Process, Adaptive Systems, COBIT, Control Environment, Dynamic Equilibrium, Illegal Acts, Risk Assessment, Risk Management
An IT risk assessment can classify information assets by criticality, sensitivity, and impact on operations. For most entities, comprehensive IT risk evaluations should be iterative and adaptive processes. Therefore, adequate IT risk management normally requires quarterly risk assessments to ensure established risk tolerance levels are maintained. Simultaneously, risk assessments should be considered whenever there is a change in the entity’s operations or use of technology, or when outside influences affect operations. However, unless mandated by law or regulation, risk assessment costs should not outweigh benefits derived from managerial due diligence.
“View Part I of the Managing the Dynamic Uncertainties of IT series here”