
Build an IT Risk Management Program

Mitigate threats with a cost-focused approach to IT risk management.

The majority of IT departments lack a formal program for managing risk, resulting in:

  • Low relationship satisfaction from the business.
  • Risk management fixating on security.
  • Lack of alignment with the business.

Creating an ongoing program for managing IT risk allows you to:

  • Transform IT into a business enabler.
  • Have confidence that all IT risks have been accounted for.
  • Engage with key stakeholders to share accountability between IT and the business.

Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.

Case Studies and Deliverables

Risk Management Case Study of a Small University

A small university in the American mid-west needed to introduce its IT stakeholders to key risk concepts as part of a new, broader IT governance mission. By gaining a realistic and shared understanding of what risk really means, the IT department was able to build its internal brand as risk experts and start working on risk management initiatives quickly, saving substantial time.

Risk Management Case Study of a Regional Grocery Chain

A 20-person IT department in a mid-sized regional grocery retailer received a mandate from its Board of Directors to reapproach and increase its risk management activities. Using Info-Tech’s workshop and featured IT Risk Profile Tool, the grocery retailer was able to identify key areas of risk – Security & Compliance, and IT Governance & Operations – and develop a detailed plan to tackle risk mitigation.

Risk Management Case Study of a Global Chemical Manufacturing Firm

An Asian-headquartered chemical manufacturing organization with an 80-year history and facilities in over 20 countries wanted to assess IT risks for its operations in the Americas. The company's American IT team participated in an Info-Tech workshop with the specific goals of becoming more knowledgeable about IT risk management, identifying key issues, planning actions to reduce priority risks, and communicating more effectively about IT risk issues with executive leadership.

Module 1: Review IT Risk Fundamentals and Governance

The Purpose

  • To assess current risk management maturity, develop goals, and establish IT risk governance.

Key Benefits Achieved

  • Identified obstacles to effective IT risk management.
  • Established attainable goals to increase maturity.
  • Clearly laid out risk management accountabilities and responsibilities for IT and business stakeholders.

Activities:

  • 1.1 Assess current program maturity
  • 1.2 Complete RACI chart
  • 1.3 Create the IT risk council
  • 1.4 Identify and engage key stakeholders
  • 1.5 Add organization-specific risk scenarios
  • 1.6 Identify risk events

Outputs:

  • Maturity Assessment
  • Risk Management Program Manual
  • Risk Register

Module 2: Identify IT Risks

The Purpose

  • Identify and assess all IT risks.

Key Benefits Achieved

  • Created a comprehensive list of all IT risk events.
  • Risk events prioritized according to risk severity – as defined by the business.

Activities:

  • 2.1 Identify risk events (continued)
  • 2.2 Augment risk event list using COBIT 5 processes
  • 2.3 Determine the threshold for (un)acceptable risk
  • 2.4 Create impact and probability scales
  • 2.5 Select a technique to measure reputational cost
  • 2.6 Conduct risk severity level assessment

Outputs:

  • Finalized List of IT Risk Events
  • Risk Register
  • Risk Management Program Manual

Module 3: Identify IT Risks (continued)

The Purpose

  • Prioritize risks, establish monitoring responsibilities, and develop risk responses for top risks.

Key Benefits Achieved

  • Risk monitoring responsibilities are established.
  • Risk response strategies have been identified for all key risks.

Activities:

  • 3.1 Conduct risk severity level assessment
  • 3.2 Document the proximity of the risk event
  • 3.3 Conduct expected cost assessment
  • 3.4 Develop key risk indicators (KRIs) and escalation protocols
  • 3.5 Root cause analysis
  • 3.6 Identify and assess risk responses

Outputs:

  • Risk Register
  • Risk Management Program Manual
  • Risk Event Action Plans

Module 4: Monitor, Report, and Respond to IT Risk

The Purpose

  • Assess and select risk responses for top risks and effectively communicate recommendations and priorities to the business.

Key Benefits Achieved

  • Thorough analysis has been conducted on the value and effectiveness of risk responses for high severity risk events.
  • Authoritative risk response recommendations can be made to senior leadership.
  • A finalized Risk Management Program Manual is ready for distribution to key stakeholders.

Activities:

  • 4.1 Identify and assess risk responses
  • 4.2 Risk response cost-benefit analysis
  • 4.3 Create multi-year cost projections
  • 4.4 Review techniques for embedding risk management in IT
  • 4.5 Finalize the Risk Report and Risk Management Program Manual
  • 4.6 Transfer ownership of risk responses to project managers

Outputs:

  • Risk Report
  • Risk Management Program Manual