Published on February 2nd, 2013 | by Ben


What is Risk Management?

Risk management is a process for managing risks that could occur as a result of business activity across an organisation. The first step of this process involves the identification, assessment and evaluation of risks:

  • Risk Identification – determine and document the risks faced by an organisation.
  • Risk Assessment – evaluate the likelihood of risks and their potential impact on business operations.
  • Risk Evaluation – determine the significance of the risks identified as compared with the risk appetite of the organisation.

IT risks should be treated in the same way as any other business risk.

Once the above tasks have been undertaken, the next step in the risk management process is to decide the response to the risk.

Risk Responses

There are four ways to respond to identified risks facing an organisation:

  1. Avoid – Do not continue with the business activity to which the risk relates.
  2. Mitigate – Actions are taken to reduce the likelihood and/or impact of the risk.
  3. Transfer – The impact of the risk is reduced by sharing the risk with an external company, e.g. an insurance policy is taken out to cover a disaster.
  4. Accept – The organisation accepts the risk.

The board of directors and senior management are responsible for establishing a risk culture within an organisation, that is, the shared values and beliefs that govern attitudes and behaviours towards risk. Whether a risk can be accepted will depend on the risk appetite of the organisation.

A risk management strategy should be put in place so that each risk is addressed with the appropriate response. Risks should be monitored and updates communicated to key stakeholders in order to ensure the continued effectiveness of the risk management strategy.


About the Author


Ben has over six years' experience working for a Big 4 consultancy within IT Advisory and over ten years' experience within the IT industry as a whole, having previously worked as a Business Analyst and Project Manager.
