Risk Management in the IT Environment
Course Objectives.
1. Provide an overview of risk management, how it fits into the system development life cycle (SDLC), and the roles of individuals who support and use this process.
2. Describe the risk assessment methodology and the nine primary steps in conducting a risk assessment of an IT system.
3. Discuss the various factors involved with the risk mitigation process.
4. Discuss the need for an ongoing risk evaluation and assessment and the factors that will lead to a successful risk management program.
Risk Management in the IT Environment (RMITE) is a one-day training session designed to provide attendees with an introduction to a structured risk management process adopted for many organizations' information technology (IT) systems. In this digital era, as organizations use automated technology to process their information, risk management plays a critical role in protecting an organization's information assets from IT-related risk. Risk management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level. The training material is also designed to provide an overview of selected cost-effective security controls. These controls can be used to mitigate risk for the better protection of critical information and the IT systems that process, store, and carry this information. Our role as auditors is to evaluate the adequacy of established procedures and processes employed to address risk and to assess the effectiveness of controls that have been implemented to ensure continuity and consistency of operations for information systems that support the operations and assets of the agency. Using pertinent information from GAO's Federal Information System Controls Audit Manual (FISCAM) and selected National Institute of Standards and Technology (NIST) Special Publications, the training material covers various aspects of the risk management process, including the nine primary steps that make up the risk assessment methodology. The topics presented are designed to give the auditor and audit management a thorough overview of the various factors that should be considered by management in establishing a viable risk assessment methodology and the key audit procedures necessary to evaluate the adequacy of management's actions.
Copyright (c) 2010 by Glen D. Chambers Consulting. All Rights Reserved.
Level - Intermediate; 1 Day Course; 8 Hours CPE