Developing a Common Language About IT Risk Management

15 Pages Posted: 10 Jan 2012

Date Written: June 1, 2009

Abstract

Although IT risks can have wide-ranging business consequences, few executives feel comfortable discussing IT risk management. It doesn’t have to be this way. Executive-level tradeoffs around IT risk are managerial, not technical. The Four A Framework of Availability, Access, Accuracy, and Agility risks provides a common language that business and IT managers can use to manage IT risks without getting bogged down in technical complexity. Then you can build a risk management capability — by improving the IT foundation, installing a risk governance process, and creating a risk aware culture — that increases the returns from your IT risk management investments.

Keywords: IT risk, Non-IT executive viewpoint, IT governance, alignment, oversight, risk aware culture, architecture, business continuity, security, agility, regulatory compliance, privacy

Suggested Citation

Westerman, George F. and Hunter, Richard, Developing a Common Language About IT Risk Management (June 1, 2009). MIT Sloan Research Paper No. 4933-11, Available at SSRN: https://ssrn.com/abstract=1979796 or http://dx.doi.org/10.2139/ssrn.1979796

George F. Westerman (Contact Author)

MIT Sloan School of Management ( email )

245 First Street, E94-1513
Cambridge, MA 02142
United States
617-253-2939 (Phone)

Richard Hunter

Independent ( email )

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
616
Abstract Views
2,867
Rank
80,128
PlumX Metrics