Corporate risk includes various risks depending on the nature of the business and IT
environment. The IS auditor should have a good understanding of IT risks before reviewing the
disaster recovery infrastructure.
One of the risks facing an enterprise might be its inability to maintain critical customer
services after an incident, such as a virus attack, a hacker breaking into the customer
database, or an employee crippling the internal computer network. Inability to maintain critical
customer services would mean that the enterprise may lose millions of dollars, as required
services would not be provided to customers. A prolonged outage might put the enterprise
out of business or make it impossible for the enterprise to fully recover from the effects of
the disruption.
Such an incident might also damage the market share, image, reputation, or brand of the
enterprise. Competitors would take advantage of the outage and offer customers
alternative services. Customers would not wait for the enterprise to recover and restore its
business. If customers discover that the enterprise is not able to offer services, they have
the option of switching to competitors offering similar services. Such an eventuality would
definitely cause the enterprise to lose market share to competitors, and that share might be
difficult to win back.
Most customers and suppliers might also suffer losses due to the disruption of services.
This would result in the reputation of the enterprise being affected. Depending on how
the incident is resolved, some customers and business partners might not be willing to take
up new contacts with the enterprise. The brand would also suffer, as it would be associated
with a failed service. It would take time to repair such damage.
There is also the risk to company assets from deliberate damage, natural causes, and
theft. Deliberate damage to company assets can be caused by internal employees or
external parties. It is common to see commercial espionage in certain industries, where
competitors deliberately damage assets belonging to other companies in the same
industry. In some cases, damage to company assets can be caused by employees on
industrial strike. They would deliberately damage company assets as a way of advancing their
agenda.
Theft of company assets is another risk the enterprise faces. The company might have
potentially lucrative assets, such as computer software, machinery, inventory, cash, and gold
reserves. Such assets are a target for thieves trying to lay their hands on them. We have heard of
organized syndicates looting company assets on a big scale, such as processed minerals like
gold or diamonds. Information is also a big asset in an enterprise, one that can be targeted by
thieves and hackers who can later sell the information to competitors or other unscrupulous
agents. Information sits on enterprise servers, which themselves can be a subject of attack.
Hackers have become very sophisticated such that they are able to access information even