Risk Management Services

Mission
Risk Management Services, part of Enterprise Security and Risk Management Office, supports the State CIO in the performance of duties and responsibilities associated with: information technology risk management, continuity of operations/continuity of government as it relates to information technology, and internal audits/assessments of information technology infrastructure. The Risk Management Team offers services designed to identify and provide guidance on potential events which may impact the delivery of information technology services and provides management with reasonable assurance that entity objectives are being achieved. The division works with state agencies, federal and local governments, and private sector businesses as necessary.

Objectives:

• Risk Analysis
  • Assist agencies with the identification of risks by evaluating threats, liabilities, and vulnerabilities.
  • Provide consultation on risk analysis and evaluation
  • Consult with agencies on risk mitigation options
  • Support risk evaluation tools, processes, and procedures
  • Contribute to the improvement of risk assessments and control objectives
• Continuity of Operations Plans (COOP) and IT Business Continuity
  • Review agency continuity plans for key IT components
  • Support enterprise disaster recovery software
  • Ensure compliance with statutory requirements
  • Provide training to state employees in the area of disaster recovery/business continuity
• Internal Audits/Assessments
  • Coordinate internal audits/assessments
  • Report findings/recommendations to management
  • Facilitate external audits
  • Assist with the coordination agency audits performed on ITS infrastructure