
IT Risk Assessments

An IT risk assessment should always be performed on the basis that IT risks affect profitability and growth, despite their technical complexity in certain cases.
 
Any IT risk assessment (i.e. an assessment covering all IT processes, namely planning, system development, acquisition and maintenance, operations, as well as monitoring and evaluation) has to be performed from a firm IT governance perspective, placing business strategy and objectives central to the assessment. IT activities must be aligned with business strategies and objectives, enabling an organisation to achieve its profit-oriented business strategies and objectives.
 
We provide IT risk assessment services to clients, normally by performing the following procedures:
 
  • Workshops. We can facilitate an opening workshop by asking prominent, high-level questions related to IT Governance issues – i.e. covering all possible IT processes, resources and objectives. Among others, we cover strategic alignment; value delivery; risk management; resource management and performance measurement. Such a workshop is intended to ask prominent questions on IT Governance in order to identify high-impact risks. Identified risks are used as a starting point for further (detailed walkthrough) assessments for the rest of the assignment (depending on the size of the business and complexity of IT).
     
  • Detailed risk assessment. BDO has IT advisors who are specialists in different fields – covering all relevant IT resources. After we have populated our database with the initial workshop results, we usually allocate identified risk areas per applicable IT resource to different IT auditors and advisors for further investigation and assessment, by means of detailed walkthroughs, discussions, reviews and observations.
     
  • Risk data analysis, considering in our conclusion the impact on business strategy and objectives. We typically populate all our findings in our database for further analysis. As far as possible, we link all findings to relevant IT objectives and strategies.
     
  • Final discussions/workshop with Management. Prior to issuing a draft report, we have a second short workshop with management to present the draft risk register. The objectives of such a workshop are to:
     
    • Identify high profile risks.
       
    • Identify the impact of high profile risks on the company’s IT and business objectives and strategies.
       
    • Identify current or possible controls/solutions to these risks.
       
  • Risk assessment reporting. We issue a final report, detailing all risks identified – including a detailed risk/control register.