Management of business risk is an essential component of the responsible administration of any organization. Almost every business decision requires the executive or manager to balance risk and reward. The Risk IT framework explains IT risk and enables users to:
- Integrate the management of IT risk into the overall ERM of the organization, thus allowing the organization to make risk return aware decisions;
- Make well-informed decisions about extent of the risk, and the risk appetite and the risk tolerance the organization;
- Understand how to respond to the risk.