Risk is defined as uncertainty of outcome, whether it may result in a positive opportunity or negative threat. Managing risks requires the identification and control of the exposure to risk, which if materialized may have an impact on the achievement of an organization’s business objectives. Every organization manages its risk, but not always in a way that is visible, repeatable and consistently applied to support decision making.
This is true for many organizations, where one of the greatest risk factors is a lack of accurate information when making decisions. The goal of risk management is to ensure that the organization makes cost-effective use of a risk framework that has a series of well-defined steps. The aim is to support better decision making, through a good understanding of risks and their likely impact.
Service Strategy should seek to maintain the appropriate balance of risk and reward in regards to investments and capabilities invested and maintained for IT.