Importance Of Alignment Of It Risk Management Strategy

1493 Words6 Pages
The importance of alignment of IT risk management strategy to organizational goal when business and IT operate in alignment, clearly visible links identify which IT assets and operations support business operations and the value they create. This visibility transforms IT from a cost center to a driver of business value. Alignment clarifies how IT resources may be deployed to market quicker, deliver more effective service to customers, and generate new returns streams for the business. Aligning an organization’s IT risk strategy to business strategy is as important as operational alignment. Organizations’ risk profiles differ according to their lines of business and the strategies they pursue to maximize their effectiveness. Just as IT…show more content…
Finally, a well-prepared IT risk Management plan also guides system design and decision making, resulting in higher operational efficiency, greater capacity for innovation, and lower IT costs. As a result, an effective strategy for mitigating IT risk may both protect an organization against incidents, and reduce IT cost and complexity. Two elements were frequently cited as necessary to encourage behavioral change. The first was quantification of value to the organization as a whole. Until an organization’s stakeholders understand the impact of lost information, unavailable systems, and noncompliant processes in terms that are meaningful to them loss of sales, dissatisfied customers or reduced productivity, for example sustained focus will remain out of reach. The second element is culture. Organizations have different risk profiles to which IT risk programs should be tuned. But they may also incorporate different workforces and cultures that will accept different levels of IT policy awareness and compliance. For example, a company with tens of thousands of employees averaging 24 years of age may require a very different policy for Instant Messaging use and Web access on company systems and time than smaller companies with older workforces. Selective enforcement and highly visible actions may be more effective than stringent policies that are unenforceable because they fail to align with the organization’s culture. Ch. 3.1 Emergence of Risk-Based Approaches Risk
Open Document