Risk Identification & Evaluation

Selling IT projects to the business is complex – even in situations with significant regulatory pressure. One of the reasons is that IT still tends to be too technical. This panel will talk about how to use risk identification and evaluation to translate what IT wants to do into business terms. It is about speaking the language of the business and thinking in risks. It is as well about setting the focus right by understanding the priority of actions to take. Based on that, IT can provide business with the recommendations business really needs.

For introducing Access Governance and the underlying core IAM processes, business involvement is mandatory. This process requires guidelines, policies, role models, and especially the definition of ownerships and responsibilities in business. On the other hand, business is somewhat reluctant given that it has to do its business anyway, despite the need for requesting and recertifying access. Different stakeholders in the organization need to be involved to set up these policies: Auditors, Business process owners, managers, application owners, information owners, administrators, and others. In this Panel, industry experts discuss about their experience on how to successfully get the buy-in of business and ensure the participation. A key element is keeping things lean and preparing them well to minimize the impact while achieving maximum output.