
Revive Your Risk Management Program With a Regular Health Check

Don’t get complacent and allow your risk management strategy to flatline.

  • Having set up an IT risk management program that successfully mitigates key risks and raises the profile of IT risk in the eyes of the business, you have taken a significant step in your evolution as a strategic and proactive IT leader.
  • Unfortunately, your risk assessment is already outdated. Perform regular health checks to stay on top of the key risks threatening the business – and your reputation.
  • Our project seizes the momentum you created by building a robust IT risk management program, and creates a process for conducting periodic health checks and embedding ongoing risk management into every aspect of IT.
  • Our approach keeps the business on board by stressing the financial impact of IT risks as well as opportunities for calculated risk taking revealed through a deep understanding of how IT-related risk impacts the business.
  • Our focus is on using data to make IT risk assessment less like an art and more like a science. Ongoing data-driven risk management is self-improving and grounded in historical data.

Our Advice

Critical Insight

  • A false sense of security may be your greatest risk. The IT threat landscape is evolving rapidly and won’t wait for you to catch up.
  • Risk management should be seen and heard. Communicate the dollar value of risk management to keep the business engaged.
  • The first health check is pivotal. Successfully going through the risk management process the second time around is the difference between IT risk management being perceived as a one-off project and an ongoing program.
  • Risk management is not checking boxes – you need to be constantly improving. Measuring the effectiveness of your risk management activities is crucial for ensuring that the program lives up to its mandate. It also allows you to communicate a compelling value proposition to senior leadership.

Impact and Result

  • To prevent your IT risk management program from becoming an artifact, conduct quarterly, biannual, or annual health checks to reassess your risk portfolio and identify new threats and vulnerabilities.
  • Develop and track metrics to measure the success of IT risk management and illustrate the value of the program to senior leadership.
  • Create consultant-quality deliverables that inform senior leadership about IT’s risk recommendations, highlighting the potential cost of IT risks and the value created by IT risk projects.
  • Get better at identifying and assessing IT risk and measure the improvement.
  • Institutionalize the IT risk management program by consistently engaging key stakeholders within and outside of IT.

Revive Your Risk Management Program With a Regular Health Check Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should revive your risk management program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

1. Refine IT risk management governance

Assess the maturity of the risk management program and build an improvement plan.

2. Reassess IT risk events and identify new threats

Reassess previously identified IT risk events and identify new threats.

3. Develop risk responses and communicate priorities to the business

Establish monitoring responsibilities, identify risk responses, and communicate priorities to the business.

Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.

  • Overall Impact: 10.0/10
  • Average $ Saved: $1,239
  • Average Days Saved: 2

Client: US Department of Defense - Cyber Crime Center - DCISE
  • Experience: Guided Implementation
  • Impact: 10/10
  • $ Saved: $1,239
  • Days Saved: 2


Workshop: Revive Your Risk Management Program With a Regular Health Check

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Refine IT Risk Management Governance

The Purpose

  • To assess the maturity of the risk management program and build an improvement plan.

Key Benefits Achieved

  • Perform a program retrospective to jump-start operational improvements and retain the involvement of key stakeholders.

Activities and Outputs

1.1 Review IT risk fundamentals
1.2 Set workshop goals and expectations
1.3 Assess the risk management process, and identify accomplishments and challenges
  • Output: An updated Risk Management Program Manual
1.4 Build a Risk Management Program Improvement Plan
  • Output: A completed Risk Management Program Improvement Plan

Module 2: Reassess IT Risk Events and Identify New Threats

The Purpose

  • To re-engage business stakeholders, re-assess IT risk events, and identify new risks.

Key Benefits Achieved

  • Reassess your risk register and identify new risk events regularly to minimize the exposure of your organization.

Activities and Outputs

2.1 Review IT and business context changes
  • Output: An updated and complete Risk Register with all relevant IT risk events
2.2 Consider how context changes impact organizational risk tolerance
  • Output: An updated Risk Management Program Manual
2.3 Generate tactics to re-engage business stakeholders
  • Output: A revised stakeholder RACI
2.4 Determine if implemented risk responses were successful
2.5 Re-assess the severity of previously identified risk events
2.6 Augment the risk event list with capability maps
  • Output: An updated and complete Risk Register with all relevant IT risk events
2.7 Assess the severity of newly identified risk events
2.8 Perform an expected cost assessment

Module 3: Develop Risk Responses and Communicate Priorities to the Business

The Purpose

  • Establish monitoring responsibilities and develop risk responses.
  • Assess and select risk responses for top risks and effectively communicate recommendations and priorities to the business. 

Key Benefits Achieved

  • Turn risk priorities into fully funded projects that have the support of the business.
  • Effectively deliver IT risk expertise to the business to guide risk-conscious decision making.
  • Communicate the value and success of the program in a compelling way to ensure continued support and engagement. 

Activities and Outputs

3.1 Perform a root cause analysis
3.2 Identify and assess risk responses
3.3 Identify and assess risk responses
  • Output: Completed Risk Event Action Plans
3.4 Review a risk response cost-benefit analysis
  • Output: An updated Risk Management Program Manual
3.5 Create multi-year cost projections
3.6 Customize the IT Risk Management Executive Brief
  • Output: A communication guide and completed IT Risk Management Executive Brief
3.7 Finalize the Risk Report and Program Manual
  • Output: A detailed Risk Report
  • Output: An updated Risk Management Program Manual
3.8 Transfer ownership of risk responses to project managers


About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.


What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Need Extra Help?
Speak With An Analyst

Get the help you need in this 3-phase advisory process. You'll receive 9 touchpoints with our researchers, all included in your membership.

Guided Implementation 1: Refine IT risk management governance
  • Call 1: Identify successes and challenges of risk management processes, people, and technology
  • Call 2: Build a Risk Management Program Improvement Plan
  • Call 3: Assess business context changes and assess their impact

Guided Implementation 2: Reassess IT risk events and identify new threats
  • Call 1: Assess the success of implemented risk responses and their impact on risk severity
  • Call 2: Re-apply identification methodologies and augment with capability mapping
  • Call 3: Assess severity of new risk events and calculate expected costs

Guided Implementation 3: Develop risk responses and communicate priorities to the business
  • Call 1: Prioritize assessed risks and set up monitoring responsibilities
  • Call 2: Identify and assess risk response actions
  • Call 3: Communicate risk priorities to the business

Authors

Scott Janz

Eric Dolinar

Contributors

  • Sterling Bjorndahl, Director of IT Operations, eHealth Saskatchewan
  • Ken Piddington, CIO and Executive Advisor, MRE Consulting
  • Tamara Dwarika, Internal Auditor
  • Michael Fossé, Consulting Services Manager, IBM Canada (LGS)
  • Steve Woodward, CEO, Cloud Perspectives
  • Anne Leroux, Director, ES Computer Training
  • Additional interviews were conducted but are not listed due to privacy and confidentiality requirements.