Risk management

The focus is on giving reasonable assurance that the continuity of the organisation is not in danger.

The management of risks is a cornerstone of IT governance, ensuring that the
strategic objectives of the business are not jeopardised by IT failures. Risks
associated with technology issues are increasingly evident on board agendas,
as the impact on the business of an IT failure can have devastating
consequences. Risk is, however, as much about failing to grasp an opportunity
to use IT—for example, to improve competitive advantage or operating
efficiency—as it is about doing something badly or incorrectly.

Managing IT risks and exercising proper governance are challenging
experiences for business managers faced with technical complexity,
dependence on an increasing number of service providers, and a limited
supply of reliable risk-monitoring information.

Executives need guidance at a business level. What is the real impact on the
business? What are the issues? How can I be sure that real and important risks
are being addressed? When should IT risks be taken to enable business

We offer consultancy in the following areas:

  • The application of risk management at the strategic, portfolio, program, project and operations levels
  • The relationship of the risk management approach to legal and regulatory compliance
  • Methods to align IT and enterprise risk management
  • The relationship of the risk management approach to business resiliency (for example, business continuity planning and disaster recovery planning)
  • Risk, threats, vulnerabilities and opportunities inherent in the use of IT
  • Types of business risk, exposures and threats (for example, external environment, internal fraud) that can be addressed using IT resources
  • Risk appetite and risk tolerance
  • Risk mitigation strategies related to IT in the enterprise
  • Methods to monitor effectiveness of mitigation strategies and/or controls