ICT risk management guidance
Understand how to implement a risk management process that enables critical information and communications technology (ICT) risks to be effectively identified, managed and governed.
“ICT risk refers to the business risk associated with the use, ownership, operation, involvement, influence and adoption of ICT within the department.”
Queensland Government Chief Information Office
This guidance is an extension of the All-of-Government (AoG) ICT Operations Assurance Framework, which outlines the principles of good assurance.
AoG ICT Operations Assurance Framework
Audience
- Business Owners and ICT governance bodies
- Chief Information Officers (CIOs) and Chief Digital Officers (CDOs)
- ICT leadership teams
- internal audit functions
- security and risk practitioners
Benefits
- Clarify objectives for how ICT supports business outcomes
- Make sure critical ICT risks to service delivery are identified and effectively managed, avoiding operational surprises
- Make risk-informed investment decisions based on a shared view of ICT risks and their potential business impacts
- Prioritise the allocation of resources to areas of greatest risk
- Be more responsive to new and emerging ICT risks
Detailed advice
- ICT risk management guidance
- ICT risk management guidance (PDF 823KB)
- Pocket guide: ICT risk management guidance (PDF 360KB)
- Guidance and templates for ICT operations assurance
More information
Email: systemassurance@dia.govt.nz