Today’s fast-paced environment has had a major effect on how organizations operate these days. Organizations once used forecasts and projections to operate smoothly, but that has changed. Now risk management is recognized as an in integral component of good management and governance

Rather than make business decisions cast in stone, there is now a new focus on managing risk – anticipating what possible events - positive or negative - may occur and focusing organizational efforts on prioritizing and managing them before they even affect the organization. The ability to manage risk helps our agency act more confidently on future business decisions. While risk management is usually associated with avoiding bad things, it is as much about identifying opportunities as mitigating losses.

Risk management is important for our agency because without it, we would not be able to define our objectives for the future.

Risk and Information Technology

Information technology (IT) is no longer a department tucked away with little impact on day-to-day affairs. IT has become so integrated into our personal and professional lives that it touches upon almost everything we do. Due to its expansive influence and the unique scenarios it presents, it is essential to factor risk management in IT into the larger risk landscape of the agency.

Risk management is the application of risk management methods to information technology and other departments and programs within our agency. We do this to balance the operational and economic costs of protective measures that work to ensure we achieve our mission and strategic goals. In the IT world, risk management is a complex, multi-faceted activity that interfaces with other complex activities in our organization.

As suggested, information is a most important agency asset. Therefore, we go to great lengths and take strong measures to protect it. This is especially important in today’s business environment where we find everyone is increasingly interconnected and, in which, information is now exposed to a growing number and wider variety of threats. Protecting our data means protecting its confidentiality, integrity and availability. The consequences for failing to protect all three of these aspects include business losses, legal liability, and the loss of agency goodwill.

Failure to protect our data’s confidentiality might result in client credit card numbers being pirated, with accompanying legal consequences and a loss of goodwill. A data integrity failure might result in a Trojan horse being planted in our software, allowing an intruder to pass our agency information on to one of our competitors. If an integrity failure impacts our accounting records, we may no longer really know our agency’s true financial status.

Having appropriate policies and procedures in place means that we have taken steps to provide guidance for employees, have taken steps to mitigate the risk of losing data and have addressed agency security in an organized, comprehensive and holistic way. Please take a few moments to acquaint yourself with the policies and procedures Catholic Charities has implemented. Every employee needs to be aware of his or her roles and responsibilities when it comes to managing the security of our internal information. By clicking on each link you will be able to access the specific policy shown in the link itself.