Revive Your Risk Management Program with a Regular Health Check

Don’t get complacent and allow your risk management program to flatline.


Please note that the content on this page is retired. This content is not maintained and may contain information or links that are out of date.

Failing to routinely identify, assess, and mitigate key risks after the first year of implementing an IT risk management program could result in:

  • A runaway risk portfolio. While the IT risk council continues to monitor previously identified risks, it remains oblivious to evolving IT threats and vulnerabilities. The IT threat landscape is evolving rapidly and won’t wait for you to catch up.
  • A hazy value proposition. Without compelling evidence that IT risk management is improving and driving value for the organization, executive sponsorship and engagement can wane in year 2; 63% of CEOs indicate they want IT to provide better risk metrics.
  • Regression in risk awareness. Going through the process of establishing an IT risk management program that integrates with the business is no small task. Don’t let all of your efforts engaging key stakeholders and obtaining support from senior leadership go to waste.

Improving your ongoing program for managing IT risk allows you to:

  • Retain stakeholder engagement as the program matures. Business stakeholders often perceive IT risk management as a project that needs to be completed once. By successfully completing these activities a second time, the program gains momentum, increasing the likelihood of retaining stakeholder engagement in subsequent years as the program matures.
  • Have confidence that all IT risks have been accounted for. Going through the risk identification process again allows you to explore alternative methodologies that may offer additional insights and allow you to identify previously unidentified risks.
  • Engage with key stakeholders to share accountability between IT and the business. IT risk is business risk. Reinforce channels between IT and the business to ensure that senior leadership is aware of key risks, and that accountabilities for risk decision making are fairly distributed.

Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.

Module 1: Refine IT Risk Management Governance

The Purpose

  • To assess the maturity of the risk management program and build an improvement plan.

Key Benefits Achieved

  • Perform a program retrospective to jump-start operational improvements and retain the involvement of key stakeholders.

Activities: Outputs:
1.1 Review IT risk fundamentals
1.2 Set workshop goals and expectations
1.3 Assess risk management process, and identify accomplishments and challenges
  • An updated Risk Management Program Manual
1.4 Build a Risk Management Program Improvement Plan
  • A completed Risk Management Program Improvement Plan

Module 2: Reassess IT Risk Events and Identify New Threats

The Purpose

  • To re-engage business stakeholders, re-assess IT risk events, and identify new risks.

Key Benefits Achieved

  • Reassess your risk register and identify new risk events regularly to minimize the exposure of your organization.

Activities: Outputs:
2.1 Review IT and business context changes
  • An updated and complete Risk Register with all relevant IT risk events
2.2 Consider how context changes impact organizational risk tolerance
  • An updated Risk Management Program Manual
2.3 Generate tactics to re-engage business stakeholders
  • A revised stakeholder RACI
2.4 Determine if implemented risk responses were successful
2.5 Re-assess the severity of previously identified risk events
2.6 Augment risk event list with capability maps
  • An updated and complete Risk Register with all relevant IT risk events
2.7 Assess the severity of newly identified risk events
2.8 Perform an expected cost assessment

Module 3: Develop Risk Responses and Communicate Priorities to the Business

The Purpose

  • Establish monitoring responsibilities and develop risk responses.
  • Assess and select risk responses for top risks and effectively communicate recommendations and priorities to the business. 

Key Benefits Achieved

  • Turn risk priorities into fully funded projects that have the support of the business.
  • Effectively deliver IT risk expertise to the business to guide risk-conscious decision making.
  • Communicate the value and success of the program in a compelling way to ensure continued support and engagement. 

Activities: Outputs:
3.1 Perform a root cause analysis
3.2 Identify and assess risk responses
3.3 Identify and assess risk responses
  • Completed Risk Event Action Plans
3.4 Review a risk response cost-benefit analysis
  • An updated Risk Management Program Manual
3.5 Create multi-year cost projections
3.6 Customize the IT Risk Management Executive Brief
  • A communication guide and completed IT Risk Management Executive Brief
3.7 Finalize the Risk Report and Program Manual
  • A detailed Risk Report
  • An updated Risk Management Program Manual
3.8 Transfer ownership of risk responses to project managers