Risk Master 2.0


RiskCat

| Risk ID | Risk Category | Risk | Evidence Docs | Assessment Guidance | Controls |
| --- | --- | --- | --- | --- | --- |
| 1.01 | Portfolio establishment and maintenance | Inadequate assessment of project feasibility and alignment with business objectives | Open | Open | Open |
| 1.02 | Portfolio establishment and maintenance | Poor project prioritization leading to inefficient resource allocation | Open | Open | Open |
| 1.03 | Portfolio establishment and maintenance | Lack of effective portfolio monitoring and control mechanisms | Open | Open | Open |
| 2.01 | Programme/projects lifecycle management | Inaccurate estimation of project timelines and budgets | Open | Open | Open |
| 2.02 | Programme/projects lifecycle management | Insufficient project planning and scope management | Open | Open | Open |
| 2.03 | Programme/projects lifecycle management | Inadequate change management processes causing scope creep and delays | Open | Open | Open |
| 3.01 | IT investment decision making | Lack of alignment between IT investments and business strategy | Open | Open | Open |
| 3.02 | IT investment decision making | Insufficient evaluation of potential risks and returns on investment | Open | Open | Open |
| 3.03 | IT investment decision making | Inadequate monitoring and review of IT investments' performance | Open | Open | Open |
| 4.01 | IT expertise and skills | Shortage of skilled IT professionals with the required technical knowledge | Open | Open | Open |
| 4.02 | IT expertise and skills | Inadequate training and development programs for IT staff | Open | Open | Open |
| 4.03 | IT expertise and skills | Difficulty in attracting and retaining top IT talent | Open | Open | Open |
| 5.01 | Staff operations | Insider threats and unauthorized access to sensitive information | Open | Open | Open |
| 5.02 | Staff operations | Inadequate segregation of duties leading to potential fraud or errors | Open | Open | Open |
| 5.03 | Staff operations | Lack of employee awareness and adherence to security policies and procedures | Open | Open | Open |
| 6.01 | Information | Data breaches and unauthorized access to sensitive information | Open | Open | Open |
| 6.02 | Information | Inadequate data backup and recovery procedures | Open | Open | Open |
| 6.03 | Information | Poor data quality management affecting decision-making processes | Open | Open | Open |
| 7.01 | Architecture | Incompatible or outdated system architectures and technologies | Open | Open | Open |
| 7.02 | Architecture | Lack of scalability and flexibility in the IT infrastructure | Open | Open | Open |
| 7.03 | Architecture | Inadequate integration and interoperability between different systems | Open | Open | Open |
| 8.01 | Infrastructure | Downtime and disruptions due to hardware or software failures | Open | Open | Open |
| 8.02 | Infrastructure | Insufficient capacity and scalability of infrastructure components | Open | Open | Open |
| 8.03 | Infrastructure | Inadequate disaster recovery and business continuity plans | Open | Open | Open |
| 9.01 | Software | Software vulnerabilities and security flaws | Open | Open | Open |
| 9.02 | Software | Inadequate software testing and quality assurance processes | Open | Open | Open |
| 9.03 | Software | Difficulty in keeping up with software updates and patches | Open | Open | Open |
| 10.01 | Ineffective business ownership of IT | Lack of clear IT governance structures and decision-making processes | Open | Open | Open |
| 10.02 | Ineffective business ownership of IT | Insufficient business involvement in IT projects and decision-making | Open | Open | Open |
| 10.03 | Ineffective business ownership of IT | Misalignment between business objectives and IT initiatives | Open | Open | Open |
| 11.01 | Selection/performance of third-party suppliers | Poor vendor selection leading to unreliable service or product quality | Open | Open | Open |
| 11.02 | Selection/performance of third-party suppliers | Inadequate vendor management and contract negotiation | Open | Open | Open |
| 11.03 | Selection/performance of third-party suppliers | Dependency on a single vendor without backup or contingency plans | Open | Open | Open |
| 12.01 | Regulatory compliance | Non-compliance with relevant laws, regulations, and industry standards | Open | Open | Open |
| 12.02 | Regulatory compliance | Inadequate data privacy and protection measures | Open | Open | Open |
| 12.03 | Regulatory compliance | Lack of regular compliance audits and monitoring processes | Open | Open | Open |
| 13.01 | Geo-political | Political instability and regulatory changes in foreign markets | Open | Open | Open |
| 13.02 | Geo-political | Trade disputes and import/export restrictions affecting IT operations | Open | Open | Open |
| 13.03 | Geo-political | Cybersecurity threats originating from specific geographic regions | Open | Open | Open |
| 14.01 | Infrastructure theft | Physical theft of IT equipment and assets | Open | Open | Open |
| 14.02 | Infrastructure theft | Unauthorized access to facilities and sensitive infrastructure components | Open | Open | Open |
| 14.03 | Infrastructure theft | Insufficient security measures to prevent theft or unauthorized entry | Open | Open | Open |
| 15.01 | Malware | Malicious software infections leading to data breaches and system disruptions | Open | Open | Open |
| 15.02 | Malware | Inadequate antivirus and malware protection measures | Open | Open | Open |
| 15.03 | Malware | Social engineering attacks and phishing attempts targeting employees | Open | Open | Open |
| 16.01 | Logical attacks | Cyberattacks targeting software vulnerabilities and weak authentication systems | Open | Open | Open |
| 16.02 | Logical attacks | Distributed Denial of Service (DDoS) attacks causing service disruptions | Open | Open | Open |
| 16.03 | Logical attacks | Exploitation of network vulnerabilities leading to unauthorized access and data breaches | Open | Open | Open |
| 17.01 | Industrial action | Strikes or work stoppages by IT personnel affecting IT operations | Open | Open | Open |
| 17.02 | Industrial action | Sabotage or intentional damage to IT infrastructure during labor disputes | Open | Open | Open |
| 17.03 | Industrial action | Lack of contingency plans to mitigate the impact of industrial action | Open | Open | Open |
| 18.01 | Environmental | Natural disasters (e.g., floods, earthquakes) causing physical damage to IT infrastructure | Open | Open | Open |
| 18.02 | Environmental | Power outages and electrical disruptions impacting IT systems | Open | Open | Open |
| 18.03 | Environmental | Insufficient environmental controls (e.g., temperature, humidity) leading to equipment failures | Open | Open | Open |
| 19.01 | Acts of nature | Severe weather conditions (e.g., storms, hurricanes) disrupting IT operations | Open | Open | Open |
| 19.02 | Acts of nature | Fires or wildfires damaging IT infrastructure and data centers | Open | Open | Open |
| 19.03 | Acts of nature | Environmental factors (e.g., lightning, earthquakes) causing equipment failures | Open | Open | Open |
| 20.01 | Innovation | Failure to adopt emerging technologies, resulting in competitive disadvantage | Open | Open | Open |
| 20.02 | Innovation | Inadequate research and development initiatives to drive innovation | Open | Open | Open |
| 20.03 | Innovation | Lack of effective innovation management processes and culture within the organization | Open | Open | Open |