Dealing with IT Risk in Nine Major Dutch Organizations

In addition to architecture and IT portfolio management, IT risk is often mentioned as the third aspect that needs consideration when governing the application of IT such that it optimally fits in with an organization's requirements (Dhillon et al [6]). This article investigates the degree of awareness with respect to IT risks and the measures that are taken to reduce these risks in nine large Dutch organizations. The study shows that IT users in these large organizations, faced with the question which risk they consider the most serious one, all mention the lack of agility of their IT. Regarding the measures that are taken for limiting risks, one may conclude that these large organizations often have not organized IT risk management as a separate function that reports directly to the senior management.