The Risk Intelligent CIO
Becoming a Front-Line IT Leader in a Risky World
In a business world as fraught with new risks as it is entwined with new technology, chief information officers (and those they report to) are increasingly aware that IT-related problems can come at a staggering cost to an organization’s bottom line and reputation.
10 Key Steps to Risk Intelligence
1. Drive the principles of intelligent risk management from the top down and embed them into the culture of the organization.
2. Link risk directly to value creation and strategic initiatives.
3. Leverage probabilities when appropriate, but consider your vulnerabilities when assessing the risk of unique or unknowable events.
4. Recognize how quickly risk situations can accelerate in the age of the Internet and global communication.
5. Improve the accuracy of assessing and measuring loss of value (opportunities missed due to unanticipated or poorly managed risk).
6. Identify and address the root causes of failure: people, processes, systems, external factors.
7. Prepare appropriately for finite, relevant, high-impact events.
Design and Test Controls
8. Harmonize (ensure risk managers all speak the same language), synchronize (coordinate across institutional boundaries), and rationalize (eliminate duplication of effort) risk management requirements.
Monitoring and Assurance
9. Leverage internal audit to gain independent assurance that appropriate mitigating processes are in place.
10. Identify and close gaps in required capabilities in a timely manner.