Risk Mitigation and Control Implementation
Management should implement a control environment
consistent with its risk assessment. Sound IT operations controls
are grounded in policies, standards, and procedures that provide

Risk mitigation involves creating a sound control environment
that reduces internal and external threats to the institution's
tolerance level and establishes a structured environment for IT
operations. Examples of controls include policies and procedures
related to personnel and operations, segregation of duties and dual
controls, data entry controls, quality assurance programs, industry
certification, and operating thresholds and parameters. While not a
control, insurance can be an effective risk mitigation tool.
Management should balance controls against business operations
requirements, cost, efficiency, and effectiveness.