The CIO in a large enterprise is seeking assurance that significant IT risk is being proactively monitored and does not exceed agreed risk tolerance levels.

December 11, 2021 by Admin

The CIO in a large enterprise is seeking assurance that significant IT risk is being proactively monitored and does not exceed agreed risk tolerance levels. The BEST way to provide this ongoing assurance is to require the development of:

  • key risk indicators (KRIs). 
  • an IT risk appetite statement.
  • a risk management policy.
  • a risk register.

Leave a Reply