Adequate risk management provides processes whereby the entity methodically addresses risks impacting the IT architecture with the goal of achieving sustained benefit from each IT configuration and across the portfolio of IT configurations. Typical risks to IT configurations include illegal acts, errors, business interruptions, as well as ineffective and/or inefficient utilization of resources. Adoption of an appropriate risk process model can aid in defining how management will conduct risk assessments. In particular, through establishing IT value delivery monitoring, management can reduce risks to accomplishing information: effectiveness, efficiency, confidentiality, integrity, availability, reliability, and/or compliance.
“View Part I of the Not-for-profit Risk Management series here“