_risks in business and IS change_

For a company to be able to cope up with the rapid advancements of IS, changes and taking risks must be made. Risk taking is an everyday part of managing an enterprise. It is an essential element of business today and success comes to those organizations that identify and manage risks most effectively.

But these changes may bring various risks to an organization. The threats are classified as follows:

Investment or expense, the risk that the investment being made in IT fails to provide value for money or is otherwise excessive or wasted;

Access or security, the risk that confidential or otherwise sensitive information may be divulged or made available to those without appropriate authority;

Integrity, the risk that data cannot be relied on because they are unauthorized,
incomplete or inaccurate;

Availability, the risk of loss of service;

Infrastructure, the risk that an organization does not have an information technology infrastructure and systems that can effectively support the current and future needs of the business in an efficient, cost-effective and well-controlled fashion;

And Project ownership risk, the risk of IT projects failing to meet objectives through lack of accountability and commitment.

The management of risks is a cornerstone of IT governance, ensuring that the strategic objectives of the business are not jeopardized by IT failures.

As what I've commented before, I think the key for the success of IS is proper management.

http://www.isaca.org/ContentManagement/ContentDisplay.cfm?ContentID=33919