The IT program’s ambit generally dictates the risk assessment approach. Regarding techniques, the IT program’s ambit determines ‘what’ will be assessed, ‘how’ it will be assessed and assessment limits. Reflective of the IT planning premise, evaluating cost versus data collection level will aid in defining the risk assessment team’s effort. Simultaneously, documenting overall and detail control perimeters assists in assessing risk analysis process decisions and data. From this point, detail IT control perimeters can be delineated by functional areas, IT environments, and/or physical locations. In addition, based on the IT risk assessment ambit, risk assessment tools and techniques can be selected to ensure data collection standardization.
“View Part I of the Managing the Dynamic Uncertainties of IT series here“