CHAPTER THIRTY-ONE

Displacement Control

THE ULTIMATE CONTROL in the event of something untoward happening is the displacement control, which transfers the risk to a third party through insurance. In many cases this control can cover a variety of threats such as data corruption, viral attack, system crashes, and even strike action.

INSURANCE

For most organizations, risk management is classed as relative, and risks are managed depending on the risk appetite, or willingness to accept risk, of the parties involved. This is in contrast to the typical IT approach to risk, where control is commonly viewed as an absolute: there is either full control or no control, and risk is seen as something to be avoided at almost any cost.

With the realization that absolute control is neither possible nor even desirable, because it is generally within the areas of risk that an organization makes its profits, risk avoidance has given way to risk management, where risks are divided into those that are appropriate to control; those that cannot be avoided and must be accepted; and those that remain unacceptable and can be transferred to a third party, normally via an insurance policy.

In order for the insurance to be effective, however, the right type of coverage must be obtained. Most insurance policies do not cover maintenance costs or normal wear and tear, but insurance can be sought for losses caused by electrical or mechanical breakdown, fraud and dishonesty, consequential losses, or damage caused ...
