IT Risk Management

Welcome!  Last updated: December/10 DDB

These pages describe aspects of the enterprise risk management model or framework adopted by the University in 2007.  The process of IT risk management utilizes this framework.  In simple terms, the risk assessment process applies two factors to all identified 'inherent' risks: magnitude of impact and likelihood of occurrence.  These two factors are applied to inherent risks before any consideration of controls that can mitigate risk.  The assessment of controls in place or planned produces a 'residual' risk, which management can either accept or address by initiating further remediation.

A significant enterprise-level risk identified by the University's Risk Management Steering Committee is 'continuity of information management and technology'.  For risk management purposes, information management and technology includes all databases, electronic files, systems applications, software, networks and hardware.  We refer to these collectively as the University's IT Assets.