This sample tool can be used as a guide for understanding and assessing an organization’s IT and business risk alignment process.

Leading alignment practices include spending a significant amount of time documenting and testing controls, adopting a service model to establish a link between IT risks and business functions/processes, mapping IT services to critical business services, aligning metrics and IT reporting to business services expressed in business terms, focusing on reducing the number and duration of critical incidents, and defining reporting requirements upfront and designing processes to deliver against these requirements.