My @ISACA column was published recently on risk ownership. Its a problem all risk professionals have to deal with at some point in their careers: when IT is expected to own what is ultimately business risk. I use absurdity to illustrate how absurd this is ;-)
You can read the column here.
2 thoughts on “Who Owns Loss Owns Risk”
Would an unnamed retailer that is fond of red consider your illustration absurd?
Great contribution to what is a subtle, and often times difficult, perspective on risk ownership!
Sorry for not responding sooner. When I wrote this, I didn’t have “Red” in mind, but its easy to see how it may apply in such scenarios. Cleaning house on the IT side doesn’t remove the people in the organization who will really feel the impact of such a loss.