ICT risk management guidance
Understand how to implement a risk management process that enables critical information and communications technology (ICT) risks to be effectively identified, managed and governed.
“ICT risk refers to the business risk associated with the use, ownership, operation, involvement, influence and adoption of ICT within the department.”
Queensland Government Chief Information Office
This guidance is an extension of the All-of-Government (AoG) ICT Operations Assurance Framework, which outlines the principles of good assurance.
- Business Owners and ICT governance bodies
- Chief Information Officers (CIOs) and Chief Digital Officers (CDOs)
- ICT leadership teams
- internal audit functions
- security and risk practitioners

- Clarify objectives for how ICT supports business outcomes
- Make sure critical ICT risks to service delivery are identified and effectively managed, avoiding operational surprises
- Make risk-informed investment decisions based on a shared view of ICT risks and their potential business impacts
- Prioritise the allocation of resources to areas of greatest risk
- Be more responsive to new and emerging ICT risks