Big picture look at IT risk management


When it comes to enterprise governance, risk and compliance, it seems like there are parallel universes within companies. For example, there's the art and practice of GRC in general, and then there's the art and practice of IT GRC.

So it goes with risk management. There's a sub-discipline, IT risk management, that should be considered as distinct from overall risk management.

In the view of Gartner, an IT risk manager has "overarching responsibility for the coordination and execution of IT and related risk management strategies across the enterprise. This includes promoting common IT and related risk practices throughout the enterprise and synchronizing enterprise technology efforts," notes Financial Director.

That said, it would be a mistake to silo the function too aggressively. The role of IT risk managers is moving beyond IT, touching many other areas. And the link between IT risk management and other risk managers is increasingly a critical point of communication. So it pays to develop someone with a wide lens for these sorts of jobs. 
