Technology is an enabler, not a solution, for deploying and executing a sound operational strategy. To ensure effectiveness, responsibility for executing an adopted strategy should be shared across the entity, making all employees accountable as part of a well-defined and articulated risk management program. Where this premise is institutionalized, a primary IT risk management practice should be vetting recommendations that minimize uncertainty, while considering the effect on IT functionality and usability. Consequently, comprehensive high-level IT risk assessments should be the starting point for developing or modifying an entity’s business and IT plans, as well as the associated policies, procedures, and standards.
View Part I of the “Managing the Dynamic Uncertainties of IT” series here.