About the authors.
1 Thriving on risk.
Complications and deficiencies.
The cure for your IT risk headache.
2 IT governance framework.
Different approaches to governance.
Building a framework for your organization.
Design and implementation issues.
Case study: Aventis.
3 IT risk portfolio.
Introducing the IT risk portfolio.
Implementing an IT risk management capability.
Case study: European fleet management services provider.
The impact of project failure.
Organizational, program and project views of risk.
Understanding IT project risk factors.
Alternative philosophies for delivery assurance.
Identifying, reporting and managing project risks.
Case study: Agility.
5 IT services.
IT service failures that impact your business.
Planning and preparation.
Implementing IT service continuity.
Case study: Police service.
6 Information assets.
Accessing your information assets.
The impacts of information asset exploitation.
The impacts of degraded information assets.
The dimensions of security.
Implementing information asset management.
Case study: Investment management.
7 IT service providers and vendors.
The dimensions of service provider failure.
The dimensions of vendor failure.
Managing service provider risk.
Managing multiple IT service providers.
New and emerging risks in IT service provision.
Case study: Financial services.
The impacts of IT application failure on your business.
The evolution of IT application risk.
IT application risk profiles.
Software assets and liabilities.
The lifecycle approach to managing risks.
Case study: Leading water company.
How IT infrastructure failure impacts your business.
IT infrastructure’s evolving risks.
Moving towards ‘set and forget’.
De-risking infrastructure transformation.
Case study: GCHQ.
10 Strategic and emergent.
The impact of IT failing to support the execution of your business strategy.
Driving shareholder value through IT-enabled business change.
The influence of your IT capability on business capability.
Case study: Egg.
11 IT and other enterprise risks.
Relating the IT risk portfolio to other types of enterprise risk.
Supporting risk-based management with IT.
The dependence of IT risk management on broader enterprise competencies.
Appendix 1: Review checklists.