- Risk
is unavoidable. Without a formal program to manage IT risk, you may be
unaware of your severest IT risks.
- The business could be making decisions that are not informed by risk.
- Reacting to risks AFTER they occur can be costly and crippling, yet it is one of the most common tactics used by IT departments.
Our Advice
Critical Insight
- IT risk is business risk. Every IT risk has business implications. Create an IT risk management program that shares accountability with the business.
Impact and Result
- Transform your ad hoc IT risk management processes into a formalized, ongoing program, and increase risk management success.
- Take a proactive stance against IT threats and vulnerabilities by identifying and assessing IT’s greatest risks before they occur.
- Involve key stakeholders including the business senior management team to gain buy-in and to focus on IT risks most critical to the organization.
Member Testimonials
After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.
9.1/10
Overall Impact
$25,422
Average $ Saved
11
Average Days Saved
Client
Experience
Impact
$ Saved
Days Saved
The Department of Home Affairs
Workshop
10/10
$22,750
23
EMCO
Guided Implementation
10/10
N/A
N/A
Fantastic insights that have helped us further mature our IT risk management program and its effectivness.
Nebraska Public Power District
Workshop
9/10
N/A
N/A
The workshop was very helpful but seemed a little rushed at times. There was some content that was not covered. For example, we would have liked to... Read More
Geidea
Guided Implementation
10/10
N/A
20
I wanted to take a moment to acknowledge the outstanding performance of Benoit in risk management. His ability to explain all risks phases has bee... Read More
Roper Pump Company
Guided Implementation
9/10
N/A
N/A
The tools and resources provided.
Focused Education Resources
Guided Implementation
10/10
$11,500
5
Very helpful advice and support.
City of Menifee
Workshop
9/10
N/A
N/A
Technology Risk management is a brand new undertaking for the City as a formal, documented process. This workshop provided the Risk Management tea... Read More
Ideal Boilers Limited
Guided Implementation
9/10
N/A
1
Framework examples will help greatly; populated proformas (to set the framework in context) would have helped further.
Regina Catholic Schools
Guided Implementation
10/10
$10,000
5
Valence was very knowledgeable and gave great insights to specific areas to focus on and where we can make improvements to achieve our goals.
Midis Services FZ - LLC
Guided Implementation
9/10
N/A
14
assigning an unqualified resource from my end, since he wont be guided and the consultant expects the other party to have the minimum knowledge
Allegheny College
Guided Implementation
10/10
$6,850
3
City Of Charlotte
Guided Implementation
10/10
$34,250
5
Valence continues to keep us pointed in the right direction on this launch of an IT Controls Program. I appreciate that he not only takes the time ... Read More
South Australian Water Corporation
Guided Implementation
1/10
N/A
N/A
The analyst had not reviewed our current risk management framework and plan prior to the call - the meeting was not valuable.
Boston Dynamics
Guided Implementation
10/10
$68,500
5
Greg is very flexible, extremely experienced and we aligned easily on my desire to "right size" our risk management effort.
MDU Services LTD
Guided Implementation
10/10
N/A
29
Best: Having a framework, supporting tools & templates and a dedicated named expert in the subject (Donna Bales) to hand hold us through the progr... Read More
Johnson County Library
Guided Implementation
9/10
$2,599
5
MassMutual
Guided Implementation
10/10
$71,499
16
Fernco Inc
Workshop
9/10
N/A
10
Best parts since this was an update from previous years, Sumit provided pre-work prior to the workshop so that more discussion time could be spent ... Read More
Massey University
Workshop
3/10
N/A
N/A
Overall, I felt we gained very little from this exercise. It could be that we were starting from quite an advanced level of risk management to begi... Read More
Desert Lime Ltd
Guided Implementation
9/10
$20,500
23
Friendliness and support provided by the team
The University of Alabama at Birmingham
Guided Implementation
10/10
$2,479
5
Worst - I waited too long before engaging with Info-tech for advice. Best - Having an Info-tech professional look at where I was going and what I ... Read More
The Government of the Northwest Territories
Workshop
10/10
$22,000
50
Best - guided process by knowledgeable SMEs, InfoTechs flexibility in course delivery to meet our needs /Covid requirements. Deliverables are pract... Read More
University of Exeter
Guided Implementation
9/10
N/A
N/A
City of Carlsbad
Workshop
10/10
N/A
20
Integris Credit Union
Guided Implementation
9/10
$10,000
10
Being able to discuss our specific situation with a trusted resource is valuable, in order to right-size the solution. (IT Risk Mgmt). The Excel-... Read More
Dropbox
Guided Implementation
8/10
N/A
5
Pegasus Business Intelligence, LP d/b/a Onyx CenterSource
Guided Implementation
10/10
N/A
N/A
UMG RECORDINGS, INC.
Guided Implementation
10/10
N/A
N/A
The analyst was very knowledgeable and presented insights that were very relevant to our organization and goals. It served as good validation for ... Read More
AARP Inc
Guided Implementation
10/10
N/A
N/A
Fernco Inc
Workshop
10/10
$30,999
20
Risk Management
Please note: This course will be updated in October 2023.
"Hope" is not a risk management strategy.
This course makes up part of the Security & Risk Certificate.
- Course Modules: 4
- Estimated Completion Time: 2-2.5 hours
- Featured Analysts:
- David Yackness, Sr. Research Director, CIO Practice
- Gord Harrison, SVP of Research and Advisory
Workshop: Build an IT Risk Management Program
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Module 1: Review IT Risk Fundamentals and Governance
The Purpose
- To assess current risk management maturity, develop goals, and establish IT risk governance.
Key Benefits Achieved
- Identified obstacles to effective IT risk management.
- Established attainable goals to increase maturity.
- Clearly laid out risk management accountabilities and responsibilities for IT and business stakeholders.
Activities
Outputs
Assess current program maturity
- Maturity Assessment
Complete RACI chart
- Risk Management Program Manual
Create the IT risk council
Identify and engage key stakeholders
Add organization-specific risk scenarios
- Risk Register
Identify risk events
Module 2: Identify IT Risks
The Purpose
- Identify and assess all IT risks.
Key Benefits Achieved
- Created a comprehensive list of all IT risk events.
- Risk events prioritized according to risk severity – as defined by the business.
Activities
Outputs
Identify risk events (continued)
- Finalized List of IT Risk Events
Augment risk event list using COBIT 5 processes
- Risk Register
Determine the threshold for (un)acceptable risk
- Risk Management Program Manual
Create impact and probability scales
Select a technique to measure reputational cost
Conduct risk severity level assessment
Module 3: Identify IT Risks (continued)
The Purpose
- Prioritize risks, establish monitoring responsibilities, and develop risk responses for top risks.
Key Benefits Achieved
- Risk monitoring responsibilities are established.
- Risk response strategies have been identified for all key risks.
Activities
Outputs
Conduct risk severity level assessment
- Risk Register
Document the proximity of the risk event
- Risk Management Program Manual
Conduct expected cost assessment
Develop key risk indicators (KRIs) and escalation protocols
Root cause analysis
Identify and assess risk responses
- Risk Event Action Plans
Module 4: Monitor, Report, and Respond to IT Risk
The Purpose
- Assess and select risk responses for top risks and effectively communicate recommendations and priorities to the business.
Key Benefits Achieved
- Thorough analysis has been conducted on the value and effectiveness of risk responses for high severity risk events.
- Authoritative risk response recommendations can be made to senior leadership.
- A finalized Risk Management Program Manual is ready for distribution to key stakeholders.
Activities
Outputs
Identify and assess risk responses
- Risk Report
Risk response cost-benefit analysis
Create multi-year cost projections
Review techniques for embedding risk management in IT
- Risk Management Program Manual
Finalize the Risk Report and Risk Management Program Manual
Transfer ownership of risk responses to project managers