- Contact Us
Earlier this week we discussed IT Governance, Risk, and Compliance (IT GRC) with a specific focus on IT Governance. To read more of that post, click here. Today we are going to focus on the second component of IT GRC, IT Risk.
In keeping with consistency, Gartner defines IT Risk as "the potential for an unplanned, negative business outcome involving the failure or misuse of IT" (Gartner, 2012). This is a broad definition that could encompass many different aspects that an organization should be concerned about that includes two suggestions about why risk might occur:
These are both excellent reasons for IT Risk within an organization. If your infrastructure fails, your risk increases. If your users do not use your systems, both hardware and software, as intended, your risk will increase. Related to these causes are the potential outcomes which are the first part of the Gartner definition. These outcomes are as follows:
When it comes to IT Risk, we want to look at three main areas of focus. **Note, this is going to be a high level overview of these three areas as each one could be its own blog post!** The three areas that we want to evaluate and interrogate are:
IT GRC is a huge topic to discuss and can be a huge undertaking for an organization. This is why on August 3rd, Compass IT Compliance is hosting a webinar that discusses IT GRC programs, what they are, and how to get started with one in your organization. Details are below and click on the link to register. Till next week when we talk about everyone's favorite part of IT GRC.......Compliance!
When: Wednesday August 3rd @ 1:00 PM EST
Duration: 30 Minutes with Q&A Session
Where: Online, register below
Gartner. (2012, February 10). IT risk - Gartner IT glossary. Retrieved July 26, 2016, from Gartner IT Glossary, http://www.gartner.com/it-glossary/it-risk