Return
to Industry News listing of articles
7 Steps to Effective Risk Management
Many Enterprises Lack Consistency When It Comes to Applying
Risk Management
ITT
Leadership Alert by Amy Schuur, Network World, 05/27/2008
When
your organization talks about risk management, what does
it mean? According to Gartner, many enterprises are inconsistent
in the use and application of the term. So it's no surprise
that risk management often ends up “siloed”
into separate functional areas such as business continuity,
security, management and privacy.
Gartner’s
recent report, "A Risk Hierarchy for Enterprise and
IT Risk Managers," emphasizes the need for a holistic
view of risk. "An enterprise that wishes to better
understand and manage the risks to which it is exposed should
begin with enterprise-specific risk definitions and an organizational
risk hierarchy to which all risk-related specialists can
align," says Paul Proctor, vice president and distinguished
analyst at the IT research firm. "Although no single
definition will work for all enterprises, it is important
to start from a common, overarching framework to eliminate
overlap, avoid gaps in coverage and ensure good governance."
In
order to make risk management more effective in your IT
organization, Gartner offers 7 steps:
1.
Implement a framework for risk assessment and mapping.?
2. Outline the responsibilities of risk managers with their
respective domains.?
3. Identify and define the risks to which the business is
exposed and how to map incidents.?
4. Determine the threat level and focus on the risk with
the greatest potential to affect enterprise performance.?
5. Establish levels of controls for processes commensurate
with the perceived threat.?
6. Record and retain risk incident and near-miss information.?
7. Conduct periodic risk assessments to determine changes
in your company’s risk profile and assess performance.
Source
|
