GTAG – IT Outsourcing Delivery: Risk and Control Considerations
framework and sound risk management practice. They are
metrics capable of showing that the organization is subject
to, or has a high probability of being subject to, a risk that
exceeds the organization’s risk threshold — that is, what
is acceptable before action should be taken. Monitoring
KRIs can be useful in helping the business reduce losses
and prevent exposure by dealing proactively with a risk
situation before an event actually occurs. The user entity
and the service provider should develop customized KRIs as
part of their risk management process.
Performing ongoing evaluations and continuous monitoring
of IT risk indicators will provide assurance and, more
importantly, raise issues in time for management to act and
pre-empt risk.