Skip to content

Communicating IT Risk In Business Terms

Answered by: 

Question: 
How can I communicate IT risk in terms that the business can understand and use to make immediate, measurable cost versus benefit risk decisions ?
Answer: 

The key is to deliver IT risk information in a standard, quantifiable, non-finite method that allows the user to easily compare the inherent business risk of IT with the relative capability of IT to protect this business risk. Simply presenting IT risk in compliance terms with finite (e.g. red, yellow, green) indicators does not give the business user the necessary tools or “intelligence” to be able to take action in managing IT to the appropriate level of risk based on business needs. Delivering IT risk in these terms requires an easy to understand method for calculating and reporting risk that can be baked into current business processes similar to how a credit report and score are used in a loan underwriting process.

First published on BankersOnline.com 4/20/09

First published on 04/20/2009

Filed under: 
Filed under compliance as: 
Filed under operations as: 
Filed under security as: 

Banker Store View All

From training, policies, forms, and publications, to office products and occasional gifts, it’s available here:

Banker Store

hot right now

image description

Looking for effective, convenient training on a particular subject?

BOL Learning Connect offers more than 200 courses ON-DEMAND or on CD ROM from AML to Reg Z and every topic in between.

Search Topics