Strategic Technology Risk Management

Patrick McConnell

This chapter will provide an overview of the overall technology risk management process based on the example of the international standard ISO 31000, but also integrating the “Risk IT” standard. The chapter will also describe the international standard ISO 31000/2009 as an exemplar of a risk management framework. Although recommended as a useful model of an risk management framework (RMF), other models are available, and if a firm has already selected another model (such as COSO) then the risks should be managed using that framework. However, it should be noted that the same processes will have to be performed, only in a different sequence or with a different focus.


For regulated financial institutions, Basel II requires (Basel, 2004) that:

A bank should develop a framework for managing operational risk and evaluate the adequacy of capital given this framework. The framework should cover the bank’s appetite and tolerance for operational risk as specified through the policies for managing this risk, including the extent and manner in which operational risk is transferred outside the bank. It should also include policies outlining the bank’s

Sorry, our subscription options are not loading right now

Please try again later. Get in touch with our customer services team if this issue persists.

New to View our subscription options

You need to sign in to use this feature. If you don’t have a account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here