“CIOs are the executives best positioned to champion enterprise risk management.”

CIO Magazine, March 15, 2005

Risk management is the practice of:

• Measuring or assessing risk. Risk is simply uncertainty, defined as the probability of occurrence and the potential impact of an event. Risk assessment can include the use of statistical methods and tools where appropriate
• Developing cost effective strategies to minimize the effect of negative risks (threats) through mitigation, transference, or reduction. It may even include accepting some threats
• Determining how to maximize the effect of positive risks (opportunities) to the organization.

In essence, risk management refers to the activities associated with decision-making under uncertain conditions. While risk is often portrayed as purely negative (e.g., security threats or vulnerabilities), it can also include positive opportunities on which the organization may be able to capitalize on if it's prepared for them. Every process and project includes some element of risk, and there are many perspectives from which to view risk.

This service area addresses these Key Issues:

Business Continuity / Disaster Recovery
IT Asset Management
Vendor Assessment / Selection / Management
Sarbanes-Oxley Compliance
Identity Management
Project Portfolio Management
Business Process Management

At Ingenuity, we do not “lock in” to a specific perspective (for example, that of the Project Management Institute or a Certified Information Systems Security Professional). Instead, we take a more holistic view of risk management that is flexible enough to encompass all of these viewpoints in order to provide the best recommendations to our clients.