The release of the revised Committee of Sponsoring Organizations (COSO) Enterprise Risk Management—Integrated Framework could not have come at a better time for technology risk professionals and those concerned with effectively and efficiently managing that risk. Executives can no longer manage technology risks from an IT department silo; rather, they require an integrated enterprise risk management (ERM) approach—as suggested by the framework—that considers the impact of technology risk in the strategy-setting process, as well as in driving performance. This article discusses some of the technology risks that are most challenging for managers because their impact, or the attention they demand, spans the entire enterprise.
Defining Risk Appetite
Perhaps one of the greatest challenges facing technology risk managers is the concept of risk appetite. The COSO ERM framework’s glossary defines “risk” as “the possibility that events will occur and affect the achievement of strategy and business objectives” and “risk appetite” as “the types and amount of risk, on a broad level, an organization is willing to accept in pursuit of value.” Companies accept that to achieve business objectives and…