Risk Management: The Key Principles Of IT Value
An absence of management responsibility and accountability for risk management policies can result in potentially serious risks being ignored. Furthermore, misguided actions can result in costly investments being wasted or put in jeopardy. Ultimately …
Auditors can provide initial momentum by highlighting to executive-level management inadequate risk management practices or specific risks that are not being adequately addressed. Audit should also collate audits with key organisational risks and known areas of weakness, and provide independent assurance to management. Equally important is the ability to make sure that appropriate risk management plans are in place and are being followed in all key areas, as well as providing improvement recommendations.
The following are the key principles of risk ownership:
• Allocate responsibility at a senior level for managing key risks.
• Ensure that every risk has an owner (there may be separate owners for the actions to mitigate the risks).
• Ensure anyone allocated ownership has the skills and authority to take on the responsibility and that they are aware that they are the designated …
The practice of establishing service agreements is strongly recommended in any type of client-service provider or collaborative service relationship.
There is no doubt that effective use of SLAs helps to ensure that risks and delays are identified and managed as a routine part of everyday activities (Architecture Governance Group, 2008). Adoption of SLAs will help to enable quick implementation of good procedures and avoid lengthy delays re-inventing wheels and agreeing approaches. The SLAs have to be, however, consistent with the management framework and be appropriate for the departments involved. SLA effectiveness will depend on how they have actually been implemented and kept up to date with the changing needs of the organisation.
It is often said that the SLA is primarily a contractual tool used to ensure a service provider can be “penalized” if performance requirements are not met. It is best practice to think of SLAs more as a communication and behavioral guidance tool. When SLAs are deployed effectively, they serve the goals of both customers and their service providers (and the lawyers from both