Welcome » IT Booklets » Management » IT Risk Management Process » IT Controls Implementation » Operations
Senior management should be aware of and mitigate the
operational/transactional risks associated with IT operations.
Financial institutions and their service providers may have one or
more IT operations groups. The number and types will vary from
organization to organization. Common examples are data center or
computer operations, network services, distributed computing,
personal or desktop computing, change management, security,
resource management, and contingency planning.
Many operations functions have significant risk factors that
need effective management and control. For example, system and
security administrators have powerful levels of control over the
systems they operate or manage. Institutions should record and
review audit trails and logs of system and security administrator
activities to control the risk exposure. Additional information on
this topic is available in the IT Handbook's "Operation's