Successful enterprise risk management should encompass information technology activities, according to a report Monday from the Risk & Insurance Management Society Inc. and ISACA, previously the Information Systems Audit and Control Association.
The report, Bridging the Digital Risk Gap: How Collaboration Between IT and Risk Management Can Enhance Value Creation, can be found on ISACA’s website and the RIMS website, according to a joint statement issued with the report.
“It is vital that risk management and information technology professionals communicate with each other on a regular basis to ensure the risk associated with the use of technology is properly managed,” the report said, adding “… all too often, it seems like the two groups are speaking a different language — that is, if they even speak at all.”
Due to the evolving and growing nature of IT’s role in business and industry, “… digital enterprise strategy — the IT architecture and governance of an organization — has become a strategic imperative,” the report said, adding, “as companies continue to transform digitally and cybersecurity becomes an increasingly critical capability, IT-related risk no longer is the sole purview of technical experts.”
Regulatory requirements and privacy concerns both straddle the worlds of risk management and information technology and are examples of areas for cooperation, the report said.
IT security also plays a “critical role” in risk management, the report said.
“When enterprises examine the evolving risk environment and the benefits that can come from integrating risk management and IT, it becomes very clear that this collaboration is important to the overall business-risk portfolio,” Paul W. Phillips III, technical research manager at ISACA and a contributing author to the white paper, said in the statement. “This kind of strategic coordination can bring many positive outcomes, including better incident response and improved information protection.”
“Understanding one another’s world is the first step for building a constructive and symbiotic relationship,” Carol Fox, RIMS vice president of strategic initiatives and contributor, said in the statement.