Risk IT Framework for Management of IT-Related Business Risks

Risk is a natural part of the business landscape.
If left unmanaged, the uncertainty can spread like weeds.
If managed effectively, losses can be avoided and benefits obtained.

In business today, risk plays a critical role. Almost every business decision requires executives and managers to balance risk and reward. Effectively managing business risks is essential to an enterprise’s success.

Too often, IT risk (business risk related to the use of IT) is overlooked. Other business risks, such as market risk, credit risk and operational risk, have long been incorporated into corporate decision-making processes. IT risk has been relegated to technical specialists outside the boardroom, despite falling under the same ‘umbrella’ risk category as other business risks: failure to achieve strategic objectives.

Risk IT is a framework based on a set of guiding principles for effective management of IT risk. The framework complements COBIT, a comprehensive framework for the governance and control of business-driven, IT-based solutions and services.

While COBIT provides a set of controls to mitigate IT risk, Risk IT provides a framework for enterprises to identify, govern and manage IT risk. Simply put, COBIT provides the means of risk management; Risk IT provides the ends. Enterprises that have adopted (or are planning to adopt) COBIT as their IT governance framework can use Risk IT to enhance risk management.

If you have questions about Risk IT publications and ongoing research, please contact: