As a regional US grocery chain based in a major metropolitan area had experienced rapid growth through new store openings and acquisitions. With a focus on supply-chain efficiencies, the grocery chain distributes most products to its stores through a warehouse facility that also houses key offices and IT resources. In light of the risk associated with such a consolidated operation, the IT organization received a mandate from its board of directors to formally manage IT-related risk. The mandate specifically called for an initial high-level assessment of IT organizational risk, drawing largely from internal expertise. The board also requested that the IT organization demonstrate an ongoing program to manage risk.
The IT organization enjoyed a membership with Info-Tech Research group to access its best-practices research and vendor-selection guidance. Engaging with Info-Tech to conduct a COBIT-based operations workshop on risk management was a natural next step.