A small university in the American mid-west needed to introduce its IT stakeholders to key risk concepts as part of a new, broader IT governance mission. By gaining a realistic and shared understanding of what risk really means, the IT department was able to build its internal brand as risk experts and start working on risk management initiatives quickly, saving substantial time.
Summary & Success
- Delivered a well-defined prioritized catalog of risks.
- Set a common understanding of risk management and articulated current risks in a manner appreciable to the University’s leadership team and constituency.
- Incorporated the governance of Risk Management into the University’s IT governance structure to establish momentum, facilitate communication, and codify structure.
- Provided an action plan outlining quick wins as well as short, medium, and long-term steps.