IT and technology risks are those that can have a material impact on the operations and financial position of an organisation as a result of a direct or indirect loss arising from failure of systems, networks, loss of data/ information, security breaches, operational system failure, equipment theft, fraud and cybercrime.
This risk arises from the extent of use of technology and IT in the operations of the organisation and the failure, abuse of the required technology or systems. These risks can arise from HR/People, crime, operations, regulatory and physical risks.
This risk can manifest in operational failure, crime, inability to deliver strategy, reputational damage e.g. loss of data, financial losses, balance sheet stress and organisational failure.
IT and technology risk issues can have a major impact on the operations, reputation and financial position of an organisation. These impacts can be immediate and significant or happen over a period of time but will have a lasting effect on the organisation.
IT and technology risk management starts with a review of the level of IT governance, policies, controls and disciplines throughout the organisation and the effectiveness of these. The review needs to cover and identify gaps and weaknesses in the physical technology environment and potential threats. This includes staff education, user behaviour, network and hosting risks, data security and controls, cybercrime risks, service providers, IT resources, back-up and support, firewall controls, anti-virus and related software controls.