In any major change, there are many significant risks that need to be evaluated and managed. As discussed, it is a necessary part of corporate and IT governance that there is an appropriate framework of accountabilities and processes in place to evaluate and address these risks.
You will find with most risk evaluation approaches, regardless of whether these relate to IT-enabled change, that there are structured steps involved in managing the risks. These include:
identification of the risks and the possible impacts;
assessment of the risks identified in terms of their probability and severity of impact;
decisions on those risks that are to be accepted because they are unlikely to occur or will have minimum impact or are ...