Using Your Risk Assessment Results

Once you’ve completed your risk assessment, once you’ve actually gotten this document and begun working on it, remediating it, and monitoring your progress, that risk assessment is going to be key for other individuals within your organization. From the very top, your board of directors is usually going to want to see and approve the risk assessment, your mitigation plans, and your acceptance of risk. Your C-suite and your operational team are going to want to know the environment in which they’re operating, and they’re going to want to know the risks that are addressed by other elements of the organization. It is especially important that your technology and security officers see risks from across the entire entity. If they don’t, how can they act to protect the processes that you’re putting in place to deliver your services?

And finally, you should consider distilling your risk assessment for other areas in the company. I can’t be too specific about those individuals, but it’s often good for people, even on the line, to understand exactly why they do the things they do and to relate it back to your risk assessment. Pointing back to the core principle that underlies the policy you’re asking them to sign off on may be key to generating that understanding with employees across the entity. The risk assessment practice is only going to be as good as the people who know it and the level of understanding that they have of your outputs.

