IT risk management is a critical piece of the risk puzzle for companies of all shapes and sizes. As firms move to more complex tech solutions, they must not only be aware of the risks inherent in their systems, software, and IT procedures but also actively manage them.
This is true not just for medium and large companies, but also for smaller firms. At the end of the day it is the responsibility of the CFO or finance manager to know and understand all of the risks affecting the company, and this includes technological risks.
One thing that CFOs can do to increase their understanding and mitigation of these risks is to engage their IT manager or CIO more fully in risk management discussions, as a recent report by IBM pointed out.
The survey found that 48 percent of respondents felt risk planning at their organizations happened in silos. Said the report: "This shows that almost half of the respondents show a low level of risk maturity."
Most of the respondents felt that IT managers and CIOs should be more involved in company-wide risk management practices and planning.
The importance of IT risk management as part of overall risk planning can clearly be seen with Bank of America's suit--announced this week--against a former employee for stealing confidential files. The suit against Rao Chalasani alleges that he sent via email 21 confidential files outlining the bank's current trading position, P&L figures, credit reports and stress management scenarios.
BofA is seeking to recover the stolen documents, along with unspecified damages. The theft was revealed during a routine sweep of large email data file transfers.
Without a comprehensive IT risk management procedure in place--positioned as part of the company's larger risk management function--such a breach may not be uncovered, and the damage to a company experiencing such a breach could be irreparable.