Our IT risk assessment methodology identifies and classifies the inherent risks that an organization faces. The key business applications in use at a client are identified and addressed at a high level, in order to incorporate them into the future planning process. The controls within the client business application systems residing on the various platforms are evaluated during the course of the review.
Our IT risk assessment methodology includes several steps, namely:
• Identifying and obtaining a high-level understanding of the key business applications in use at a client
• Establishing the main platforms on which existing applications reside and identifying the key interfaces between them
• Identifying, at a high level, outstanding user needs, demands, and problems regarding existing applications, applications under development, and proposed applications
• Recommending controls and procedures to be instituted to effectively manage identified risks.
This methodology uses the classifications below to categorize each risk identified in the IT environment:
| Green Areas: |
| Orange Areas: |
| Red Areas: |
These are areas considered to be inherently high risk from either a business or audit perspective and therefore capable of resulting in significant financial loss or embarrassment. The controls over these systems should be reviewed on an annual basis to confirm that the controls are in place and continue to be adequate to mitigate the inherent risks.