The most basic definition of risk is “the possibility of loss or injury” or “the chance that an investment will lose value.” Internal controls are the policies, procedures and processes put in place to address or mitigate risks to the company.

This tool includes risk assessment questions for both IT management and executive IT management. Questions assess risks in the following areas: IT processes, organizations and relationships; educate and train users; communicate management aims and directions; assess and manage IT risks; manage quality; monitor and evaluate performance; monitor and evaluate internal control; and IT strategic planning.