TraceRiskSILOTechnologyTechnology Risk

Technology Risk

Technology risk is the current and prospective risk to earnings and capital arising from the failure to identify, measure, control and monitor technological activities. The institution should: 1) plan for use of technology; 2) assess the risk associated with technology; 3) decide how to implement the technology; and, 4) establish a process to measure and monitor the risk that is taken on. The risk identification and management process for technology-related risks is not complete without consideration of the overall IT environment in which the technology resides. Management may need to consider risks associated with IT environments from two different perspectives: 1) if the IT function is decentralized, and business units manage the risk, then management should coordinate risk management efforts through common organization-wide expectations; and, 2) if the IT department is a centralized function that supports business lines across shared infrastructure, management should centralize their IT risk management efforts.