Technology Risk Management: The Need for Change & A New Approach (via Protiviti)
March 20, 2017
Protiviti recently published two white papers on Technology Risk Management that I think are well worth the read. The first, titled Technology Risk Management 1.0: The Need for Change, highlights the findings from our research evaluating the maturity of IT risk management practices at our clients. While there are many great takeaways, I thought these findings were the most important:
- Technology Risk Management activities are not coordinated across the organization.
- Risk metrics are technology-centric and do not provide relevant business insight.
- IT risk management decisions are made without a foundational understanding of the organization’s risk appetite.
- We continue to focus on the negative/downside risk without consideration of how risk can be exploited for the organization’s strategic benefit.
The second white paper, titled Technology Risk Management 2.0: A New Approach, introduces the Protiviti Technology Risk Model 2.0, which addresses the issues highlighted by our research in the first white paper. The model provides a framework that transcends the top-down and bottom-up risk assessment approaches in place at many organizations. I highly recommend reading both white papers if your company is looking to up its technology risk management game.