Similar to business risk management, IT risk management is a continuous process that should be interlaced into the fabric of an entity. IT risks directly impact an entity’s ability to provide goods and/or services at an acceptable price. Inherently, computer hardware and software as well as personnel present potential risks to an entity achieving business objectives.
Through appropriate management, risks can be accepted, reduced, or transferred; however, IT-related risk can never be completely eliminated. Minimally, IT governance risk management should address strategic alignment, value delivery, resource management, and performance measurement. Depending on the circumstances, entity and IT governance domain characteristics may overlap or be distinct, yet the continuity and stability of IT controls can be sustained even when governance domain characteristics are mutually inclusive.
Davis, Robert E. (2011). Assuring IT Governance. Available from http://www.amazon.com/Assuring-Governance-Assurance-Services-ebook/dp/B0058P58E0 and http://www.smashwords.com/books/view/70359
Davis, Robert E. (2006). IT Auditing: IT Governance. Mission Viejo: Pleier. CD-ROM.