Posted by: Robert Davis
COBIT, Educational Institutions, Enterprise Governance, Entity Governance, Governance Tree, Government Agencies, ICT, IT Architecture, IT Service Management, ITG, ITSM, Performance Measurement, Risk Assessment, Risk Management, Strategic Planning, Value Delivery
To adequately govern not-for-profit IT, risk management must be addressed at multiple levels; including entity, project, and service layers. Those responsible for governance must understand the ubiquitous nature of technical and operational risks that each approved project presents and progressively meld initial assessments into an entity-wide, portfolio-focused and strategically driven comprehensive risk assessment. An entities managerial philosophy and operating style can be assessed by examining the nature of IT risks management accepts, the frequency of managements’ interaction with IT subordinates, and managements’ attitude toward monitoring IT processes; leading to designing and deploying specific compensating, mitigating, and/or enhancing activities.
“View Part I of the Not-for-profit Risk Management series here“