Operational Risks of Information Technology can be divided into risks that are intrinsic to IT or extrinsic to IT.
Intrinsic IT Risks are mostly part of OPERATIONAL RISKS a company has to deal with.
It is helpful to cluster these operational risks that are associated with IT into three areas:
1. Insufficient functionality
applications and services that do not fulfill the demand appropriate and/or adaequate
2. Insufficient internal capabilities
Ability to run, maintain, support and/or secure the applications and/or infrastructure
3. Insufficient supplier or partnerships
Supplier or partner who are responisble for underpinning services not being able to execute
or relationships with these partner are not being managed adaquate so the partner is not able execute
Extrinsic IT Risks are all risks that are externally rooted and can have an effect on your IT or your company.
These risks have to be taken into consideration from an IT executive especially when you are responsible for global IT services, solutions, infrastructures or contracts.
An excellent starting point for structured analysis of these risks are the annual published Risk Reports of the WORLD ECONOMIC FORUM.
The World Economic Forum has set the 2013 Agenda for Global Risks:
You will find an excellent source of interactive information here:
A really practical video that adresses all potential weaknesses a company should take into consideration when think about cyber resiliance is presented by Delloite