Identifying and managing IT risks to your business
Risk mitigation - risk reduction
If your assessment shows that you have unacceptably high levels of risk to your business, then you need to take some action to counter them.
You could:
- reduce the probability of the risk affecting your business
- limit the impact of the risk if it does occur
In practice you will often wish to do both. However, generally you should try to reduce the probability of the risk affecting your business in the first place.
One way of doing this is risk avoidance, i.e. not doing the things that could lead to a problem occurring, such as declining to enter a line of business, a particular deal or a new IT project because it carries a risk.
However, this might mean that you end up not doing anything new, and hence not being able to benefit fully from business opportunities.
You could instead take a more positive approach by changing the way in which you carry out an activity. This approach is well suited to IT-related risk, and usually involves adopting a best practice approach to acquiring or operating IT systems.




