At Risk? Take the IT Risk Assessment

Boards of Directors and leadership are asking IT and data questions related to risk. How at risk are we? Where are we the weakest? What is an acceptable level of IT risk? This presentation was a working session presented by Shaun Holloway at the ASAE TEC Conference in Washington, DC on December 4, 2019. The Risk Assessment was completed with audience members for them to begin taking steps toward remediation. http://www.srholloway.com

Published in: Technology

  1. At Risk? Take the IT Risk Assessment. @ShaunHolloway, Association of College and University Housing Officers – International
  2. Our Time Together: 10 - Assessment Tool Overview; 25 - Complete the IT Risk Assessment; 10 - Results Discussion and Actionable Next Steps; Questions and Assistance
  3. Assessment Tool: Created in 2016; used with the Board of Directors in 2016 and 2019 assessments; needed a way to identify areas of risk that were actionable
  4. Reputable Instrument: Educause IT Risk Register; U.S. National Institute of Standards and Technology Guide for Conducting Risk Assessment; U.S. Government Accountability Office InfoSec risk assessment matrices
  5. Assessment Framework: 36 risk statements (34 defined by the Educause IT Risk Register; 2 added by ACUHO-I for direct user-based scenarios). 11 IT Domains: Management of IT; IT Support Services; Educational Technology Services; Research Computing Services; Data Centers; Communications Infrastructure; Enterprise Infrastructure and Services; Information Security; Identity Management; Systems and Applications; Business Continuity
  6. Assessment Framework: 6 Functional Areas: Compliance; Financial; System Service; Operational; Reputational; Strategic
  7. Assessment Scoring
  8. Assessment Scoring:
     • Undesirable (1.0 – 0.8): Effort is needed to address the risk statement and understand the current situation and factors that are contributing to the situation.
     • Reviewable (0.7 – 0.4): A discretionary review by management is needed to determine whether the level of risk is acceptable or if the risk statement is undesirable.
     • Acceptable (0.3 – 0.0): Risk statement is deemed to be in a state that does not need to be reviewed by management.
  9. RISK ASSESSMENT TIME: Access the IT Risk Assessment Tool
  10. RESULTS DISCUSSION: ACUHO-I’s Findings
  11. Data Analysis - 2016 v 2019. [Charts; legend: Undesirable 1.0 - 0.8, Reviewable 0.7 - 0.4, Acceptable 0.3 - 0.0]
  12. Functional Area Analysis. [Charts; series: Undesirable (n=2), Reviewable (n=7), Acceptable (n=27); categories: Compliance, Financial, System Service, Operational, Reputational, Strategic]
  13. Service Area Analysis. [Chart; series: Undesirable (n=2), Reviewable (n=7), Acceptable (n=27)]
  14. Data Suggests. [Chart: Risk Statement Distribution, 2019 and 2016; categories: Undesirable 1.0 - 0.8, Reviewable 0.7 - 0.4, Acceptable 0.3 - 0.0]
  15. Rationale Contributions: Apply human interpretations; Evaluation team discussion outcomes; Focus on the UNDESIRABLES; Define next steps
  16. At Risk? Take the IT Risk Assessment. @ShaunHolloway, Association of College and University Housing Officers – International
