Risk assessment measures two quantities of risk; the magnitude of the potentail loss, and the probability that the loss will occur. Risk assessment may be the most important step in the risk management process.

Once risks have been identified and assessed, the steps to properly deal with them are much more programmatical. Senior management has an active role to ensure IT-related risk identification and assessment efforts are coordinated and consistent throughout the organization. An effective IT risk assessment process improves policy and internal control decisions across the organization.

Risk Assessment Process

1. System Identification

2. Threat Identification

3. Vulnerability Identification

4. Control Analysis

5. Likelihood Determination

6. Impact Analysis

7. Risk Determination

8. Control Recommendation

9. Results Documentation

LOCKNET will perform a review of your organization's IT risk assessment and internal controls to ensure that these areas are addressed. We verify that your IT risk assessment process includes ongoing monitoring to keep the process continuous instead of a one-time or annual event. LOCKNET also verifies that departments are providing progress reports to management on a periodic basis.