Risk Assessment

The Why and How of IT Risk Management

Image from April 2016 GFR

Risk is the effect of uncertainty on objectives. Risk management is a discipline for systematically calling out those things that can go wrong (or unexpectedly right) and then deciding what, if anything, to do with that information.

All organizations engage in risk management to some degree. Buying insurance, doing a background check on a potential employee, and conducting a security assessment are all examples of risk-management activities. The question is whether to formalize the risk-management function. The potential benefits from the extra effort to elevate risk management within an organization include: improving overall management, financial performance, regulatory compliance, governance, and internal controls; enhancing the reputation of the organization; and reducing losses.

While developing and implementing a risk-management program may not be part of a finance officer's official job description, he or she should promote a structured approach to managing risk. Risks usually have a financial component, which makes them directly relevant and important to the responsibilities of the IT financial manager.