Boulder, Colo. — IT risk management is no longer strictly about mitigating the negative threats surrounding IT, a new study finds. The study was published by Boulder, Colo.-based independent IT management research and consulting firm Enterprise Management Associates (EMA).
Named "Governance, Risk, Compliance and Beyond: The Emergence of Strategic IT Risk Management," the study explores how the convergence of IT domains is redefining risk management and giving birth to a new class of solutions.
The study says new approaches to risk management are delivering strategic corporate benefits by tying once disparate IT initiatives into a more unified and integrated program that helps organizations achieve business objectives. These initiatives play a critical role in shaping an IT governance strategy, enabling the business to define governance priorities and to measure and prioritize enterprise IT risk management more effectively.
Scott Crawford, research director at EMA, spearheaded the study and found that risk management concepts continue to be embraced across all aspects of the enterprise -- from the executive suite to business managers to information technologists. Each of these groups has its own perspective on risk, and today requires solutions that unify these perspectives to help drive one of the most critical requirements for effective IT governance: consensus on risk management strategy.
"Today's enterprise faces a daunting range of IT risks—from security, business malfeasance and insider threats to business-critical IT service availability, performance and integrity issues. Regulatory requirements intended to curb these risks have also driven the pursuit of more effective IT governance," says Crawford. "IT risk management has become the lynchpin of all these demands. It seeks to unify and integrate siloed approaches to managing security, business, technology and trust risks—aligning them with strategic business objectives to enable the enterprise to consistently manage and measure their control."
Source: EMA
