Earlier this week we discussed IT Governance, Risk, and Compliance (IT GRC) with a specific focus on IT Governance. To read more of that post, click here. Today we are going to focus on the second component of IT GRC, IT Risk.
For consistency, we will use Gartner's definition of IT Risk: "the potential for an unplanned, negative business outcome involving the failure or misuse of IT" (Gartner, 2012). This is a broad definition that could encompass many different aspects an organization should be concerned about, and it includes two suggestions about why risk might occur: