Companies engaged in risk assessments typically review financial and operational risks, sometimes at the expense of technical risks. We recently tracked down and spoke with Dr. George Westerman—a researcher at the Center for Information Systems Research at MIT’s Sloan School of Business—to hear about his research into IT risk and effective risk management practices. An index of previous Q&As with other risk and compliance officers can be found here.
You say risks in an IT system are a corporate problem that every business executive should heed. Why?
