A Value-Based Approach to Risk Management (via Corporate Compliance Insights)

September 14, 2015

In this article, Protiviti’s Jim DeLoach discusses two ways that risk management can contribute value to the organization (strategic and proprietary views).  Jim makes many excellent points and the whole article is worth a thorough reading.  I was interested in how these broader Risk Management concepts could apply to IT Risk Management.  I’ve summarized my thoughts below:

Strategic View:

Proprietary View:

I really liked the multiple lines of defense concept that Jim outlined.  Specifically, he suggests three lines of defense:

In the case of IT, I would suggest that there is also value in a fourth, IT-centric line of defense: an internal IT risk management function.  For organizations of sufficient size, having a team within IT to evaluate and proactively respond to risk events can prevent issues from significantly impacting the organization through the other lines of defense.  It lets IT shift from reacting to issues identified by those other lines of defense to responding proactively.

What do you think about this article and the outlined approach?  How can you see it being applied to IT?

Read the Article: A Value-Based Approach to Risk Management (via Corporate Compliance Insights)