Build an IT Risk Management Program

Mitigate the IT risks that could negatively impact your organization.

Blueprint Contents:

1. Build an IT Risk Management Program – A holistic approach to managing IT risks within your organization and involving key business stakeholders.

Gain business buy-in to understanding the key IT risks that could negatively impact the organization and create an IT risk management program to properly identify, assess, respond, monitor, and report on those risks.

Build an IT Risk Management Program – Phases 1-3

2. Risk Management Program Manual – A single source of truth for the risk management program to exist and be updated to reflect changes.

Leverage this Risk Management Program Manual to ensure that the decisions around how IT risks will be governed and managed can be documented in a single source accessible by those involved.

Risk Management Program Manual

3. Risk Register & Risk Costing Tool – A set of tools to document identified risk events. Assess each risk event and consider the appropriate response based on your organization’s threshold for risk.

Engage these tools in your organization if you do not currently have a GRC tool to document risk events as they relate to the IT function. Consider the best risk response to high severity risk events to ensure all possible situations are considered.

Risk Register Tool

Risk Costing Tool

4. Risk Event Action Plan and Risk Report – A template to document the chosen risk responses and ensure accountable owners agree on selected response method.

Establish clear guidelines and responses to risk events that will leave your organization vulnerable to unwanted threats. Ensure risk owners have agreed to the risk responses and are willing to take accountability for that response.

Risk Event Action Plan

Risk Report

Unlock This Blueprint

Your Challenge

Risk is unavoidable. Without a formal program to manage IT risk, you may be unaware of your severest IT risks.
The business could be making decisions that are not informed by risk.
Reacting to risks AFTER they occur can be costly and crippling, yet it is one of the most common tactics used by IT departments.

Our Advice

Critical Insight

IT risk is business risk. Every IT risk has business implications. Create an IT risk management program that shares accountability with the business.

Impact and Result

Transform your ad hoc IT risk management processes into a formalized, ongoing program, and increase risk management success.
Take a proactive stance against IT threats and vulnerabilities by identifying and assessing IT’s greatest risks before they occur.
Involve key stakeholders including the business senior management team to gain buy-in and to focus on IT risks most critical to the organization.

Unlock This Blueprint

Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.

8.8/10

Overall Impact

$21,132

Average $ Saved

Average Days Saved

Client

Experience

Impact

$ Saved

Days Saved

Testimonial

Johnson County Library

Guided Implementation

9/10

$2,519

MassMutual

Guided Implementation

10/10

$69,299

Fernco Inc

Workshop

9/10

N/A

Best parts since this was an update from previous years, Sumit provided pre-work prior to the workshop so that more discussion time could be spent on the roadmap. Worst parts trying figure out a way to respond to the question "...estimate the financia...

Massey University

Workshop

3/10

N/A

Overall, I felt we gained very little from this exercise. It could be that we were starting from quite an advanced level of risk management to begin with, but overall, the feedback from the team was that this was not a good use their time nor was the out...

Desert Lime Ltd

Guided Implementation

9/10

$20,500

Friendliness and support provided by the team

The University of Alabama at Birmingham

Guided Implementation

10/10

$2,479

Worst - I waited too long before engaging with Info-tech for advice. Best - Having an Info-tech professional look at where I was going and what I was doing and be able to see my data, analysis, and goals through their experience and offer options for pr...

The Government of the Northwest Territories

Workshop

10/10

$22,000

Best - guided process by knowledgeable SMEs, InfoTechs flexibility in course delivery to meet our needs /Covid requirements. Deliverables are practical & give us a clear place to start. Worst - nothing Thank you!

University of Exeter

Guided Implementation

9/10

N/A

City of Carlsbad

Workshop

10/10

N/A

Integris Credit Union

Guided Implementation

9/10

$10,000

Being able to discuss our specific situation with a trusted resource is valuable, in order to right-size the solution. (IT Risk Mgmt). The Excel-based tools with the program are useful, but also require a fiar bit of re-working/rebranding to be usable ...

Dropbox

Guided Implementation

8/10

N/A

Pegasus Business Intelligence, LP d/b/a Onyx CenterSource

Guided Implementation

10/10

N/A

UMG RECORDINGS, INC.

Guided Implementation

10/10

N/A

The analyst was very knowledgeable and presented insights that were very relevant to our organization and goals. It served as good validation for our Risk Management program design and we look forward to continuing the conversation as we evolve/mature.

AARP Inc

Guided Implementation

10/10

N/A

Fernco Inc

Workshop

10/10

$30,999

RPC Inc.

Guided Implementation

10/10

$2,546

Immediate response, thorough and complete explanation of the tools and process has helped tremendously

CFA Institute

Guided Implementation

8/10

N/A

Central Bank of Trinidad & Tobago

Guided Implementation

9/10

N/A

Kentucky Housing Corporation

Guided Implementation

10/10

$1,782

Bernie Gillies was great. Very friendly and informative. I enjoyed our conversation very much and feel as though I am much more equipped to take on Risk Management. I will be reaching out to schedule another call in the next 2-3 weeks. Thank you for your experts and their expertise. They have and continue to help me be an expert in things I am not.

Trinidad and Tobago Unit Trust Corporation

Guided Implementation

10/10

$3,820

Really appreciated the quick response for assistance and the guidance and knowledge that was shared during this first interaction.

Load More Testimonials

Do not fill in this field

Enter no text in this field

Get Instant Access to this Blueprint

Unlock This Blueprint

About Info-Tech

Info-Tech Research Group is the world's fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Guided Implementations

This guided implementation is an eight call advisory process.

Guided Implementation #1 - Review IT risk fundamentals and governance

Call #1 - Assess current risk maturity and organizational buy-in.

Call #2 - Establish an IT risk council and determine IT risk management program goals.

Guided Implementation #2 - Identify and assess IT risk

Call #1 - Identify the risk categories used to organize risk events.

Call #2 - Identify the threshold for risk the organization can withstand.

Call #3 - Prepare for risk assessment by selecting tools and methodologies.

Guided Implementation #3 - Monitor, respond, and report on IT risk

Call #1 - Create a method to assess risk event severity.

Call #2 - Establish a method to monitor priority risks and consider possible risk responses.

Call #3 - Communicate risk priorities to the business and implement risk management plan.

Unlock This Blueprint