IT risk mapping
Risk mapping, the positioning of major risks from different perspectives such as the potential impact and the probability of occurrence, is aimed at directing the internal audit plan and helping management take into account the risk dimension in its internal steering.
Our approach
When mapping IT risks, it is important to first take into account the business challenges and the organization’s most sensitive activities, be they financial, regulatory or image-related. A proper understanding of the organization’s key processes and the involvement of stakeholders are absolutely necessary prior to any IT risk identification activity. The second step consists of identifying the most critical material and immaterial assets and then screening them in terms of their value and vital importance to the organization. Finally, all of the organization’s feared threats and events, whether of internal or external origin, must be itemized. These events can be classified into two categories: endogenous events, which are naturally inherent to the organization, such as dependence on a key application developed internally, and exogenous events, such as virus attacks, intrusions or natural disasters.