Risk is a business issue. Problems arise when the business takes it for granted that risk management is solely an IT concern. This disconnect can actually increase risk rather than mitigate it. It is therefore imperative for IT leaders to communicate to executives the importance of coordinated risk management.
The Importance of Risk Management
New direction from regulators such as the Securities and Exchange Commission (SEC) and the PCAOB is urging enterprises to focus their IT efforts on high-risk areas relative to their own environments. In other words, SOX initiatives will evolve to include customized compliance, as opposed to adherence to rigid, inflexible auditing standards (such as the PCAOB's Auditing Standard No. 2). Typically, a proper risk management portfolio includes the following elements: