Revive Your Risk Management Program with a Regular Health Check
Don’t get complacent and allow your risk management program to flatline.
Book This Workshop
Failing to routinely identify, assess, and mitigate key risks after the first year of implementing an IT risk management program could result in:
- A runaway risk portfolio. While the IT risk council continues to monitor previously identified risks, it remains oblivious to evolving IT threats and vulnerabilities.The IT threat landscape is evolving rapidly and won’t wait for you to catch up.
- A hazy value proposition. Without compelling evidence that IT risk management is improving and driving value for the organization, executive sponsorship and engagement can wane in year 2; 63% of CEOs indicate they want IT to provide better risk metrics.
- Regression in risk awareness. Going through the process of establishing an IT risk management program that integrates with the business is no small task. Don’t let all of your efforts engaging key stakeholders and obtaining support from senior leadership go to waste.
Improving your ongoing program for managing IT risk allows you to:
- Retain stakeholder engagement as the program matures. Business stakeholders often perceive IT risk management as a project that needs to be completed once. By successfully completing these activities a second time, the program gains momentum, increasing the likelihood of retaining stakeholder engagement in subsequent years as the program matures.
- Have confidence that all IT risks have been accounted for. Going through the risk identification process again allows you to explore alternative methodologies that may offer additional insights and allow you to identify previously unidentified risks.
- Engage with key stakeholders to share accountability between IT and the business. IT risk is business risk. Reinforce channels between IT and the business to ensure that senior leadership is aware of key risks, and that accountabilities for risk decision making are fairly distributed.
Book Your Workshop
Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.
Book NowModule 1: Refine IT Risk Management Governance
The Purpose
- To assess the maturity of the risk management program and build an improvement plan.
Key Benefits Achieved
- Perform a program retrospective to jump-start operational improvements and retain the involvement of keep stakeholders.
| Activities: | Outputs: | |
|---|---|---|
| 1.1 | Review IT risk fundamentals |
|
| 1.2 | Set workshop goals and expectations |
|
| 1.3 | Assess risk management process, and identify accomplishments and challenges |
|
| 1.4 | Build a Risk Management Program Improvement Plan |
|
Module 2: Reassess IT Risk Events and Identify New Threats
The Purpose
- To re-engage business stakeholders, re-assess IT risk events, and identify new risks.
Key Benefits Achieved
- Reassess your risk register and identify new risk events regularly to minimize the exposure of your organization.
| Activities: | Outputs: | |
|---|---|---|
| 2.1 | Review IT and business context changes |
|
| 2.2 | Consider how context changes impact organizational risk tolerance |
|
| 2.3 | Generate tactics to re-engage business stakeholders |
|
| 2.4 | Determine if implemented risk responses were successful |
|
| 2.5 | Re-assess the severity of previously identified risk events |
|
| 2.6 | Augment risk event list with capability maps |
|
| 2.7 | Assess the severity of newly identified risk events |
|
| 2.8 | Perform an expected cost assessment |
|
Module 3: Develop Risk Responses and Communicate Priorities to the Business
The Purpose
- Establish monitoring responsibilities and develop risk responses.
- Assess and select risk responses for top risks and effectively communicate recommendations and priorities to the business.
Key Benefits Achieved
- Turn risk priorities into fully funded projects that have the support of the business.
- Effectively deliver IT risk expertise to the business to guide risk-conscious decision making.
- Communicate the value and success of the program in a compelling way to ensure continued support and engagement.
| Activities: | Outputs: | |
|---|---|---|
| 3.1 | Perform a root cause analysis |
|
| 3.2 | Identify and assess risk responses |
|
| 3.3 | Identify and assess risk responses |
|
| 3.4 | Review a risk response cost-benefit analysis |
|
| 3.5 | Create multi-year cost projections |
|
| 3.6 | Customize the IT Risk Management Executive Brief |
|
| 3.7 | Finalize the Risk Report and Program Manual |
|
| 3.8 | Transfer ownership of risk responses to project managers |
|