Security

6 Risk Management Best Practices You Can Implement Today

6 Risk Management Best Practices You Can Implement Today

Understanding risk management (and why it’s important) as I highlighted in my last post, Why Risk Management Is Critical to Your IT Infrastructure, is essential as you begin to plan a course of action.

In this post, we’ll continue to explore risk management, and highlight six best practices to keep in mind.

1.   Start By Developing a Basic Risk Management Strategy

Risk management requires a methodical approach to controlling risks, which is why it’s important to develop a game plan ahead of time. If you work in IT, you know you can’t constantly watch over employees to make sure they avoid all risks associated with the IT infrastructure they use.

As an example, an employee might install unauthorized software from home, or they might forget to install a critical security update.

Fortunately in the modern IT environment, help desk or service desk software often includes risk management features. These features not only help you automatically detect these types of risks, but also provide a good starting point when thinking about how to prevent them.

A common starting place for identifying risks is to scan or discover hardware and software on your network. This helps set the wheels in motion for another best practice for understanding risks: asset management.

2.  Implement IT Asset Management for Monitoring

One aspect of reducing risk within IT is by monitoring your company’s technology assets over time, from hardware like laptops to servers or anything on your network.

Asset lifecycle management software can automatically detect risks and provide this data to your sysadmins, so your team can make the necessary adjustments to mitigate these risks.

3.  Behold the Power of Data

An IT asset management solution is only useful if you make use of the data it can provide. No matter the data type or source, having this information handy and using it to make decisions can help uncover potential risks you may otherwise not be aware of.

From a service desk standpoint, leveraging asset management data is one way to do this and can allow you to collect a variety of user data on just about anything.

Curious what this looks like in practice? Our team of ITSM experts discussed how ITSM pros across industries are making smarter decisions thanks to their asset data.

Whether it’s information related to the current state of a hardware device, or an expiring contract with a vendor, good data is one of the biggest factors for predicting and identifying potential risks.

4.  Detect and Remove Unauthorized Software

Shadow IT practices—like employees downloading applications without the IT department’s knowledge—are seemingly harmless activities that can create risk in your organization, unless you have a way to know what’s actually going on.

Automatic risk detection can eliminate the inconvenient task of walking around to inspect each employee’s machine (which, unfortunately, I’ve experienced in some companies) in order to check for software license compliance.

If your IT department is still in manual risk detection mode, this type of automation can be a huge timesaver.

5.  Perform a Business Impact Analysis

Going hand in hand with risk analysis is the practice of performing a business impact analysis (BIA). It’s a good strategy for identifying the risks likely to have the greatest impact on your organization, should something occur.

BIA is a key ITIL term often discussed in a financial context. That’s because BIAs are helpful in identifying which areas are likely to impact the business the most financially in the event something unexpected occurs.

Once the most important risk scenarios are identified, an organization can begin a risk mitigation process.

6.  Stay Informed With Dashboards and Alerts

The best way to minimize the chance of damage occurring to your IT infrastructure as a result of a detected risk is to have the ability to view risks easily, and alert the appropriate service providers if an action needs to be taken.

One common way to do this is by sending an alert email on the backend to your IT team as detected risks begin to appear, so they can be resolved in a timely manner. While some risks are more urgent than others, it’s good practice to have an easy-to-view dashboard at your disposal to monitor on a regular basis.

Risk management is really just the tip of the iceberg when it comes to IT service management best practices. That said, the above strategies are steps you can start taking today to help keep your organization prepared for the worst.

For other ideas for improving your internal processes using IT asset management, check out our on-demand webinar Using Complete ITAM Data to Improve Your ITSM.


With nearly 15 years of experience in the IT industry, Matt Cox is a lover of creating technical solutions and successful customers. As the Senior Director, Technical Operations, ITSM, he leads the talented team of ITSM solutions engineering, on-boarding, and support teams, working with customers of all sizes and across many different industries to create tailored service management solutions using ITSM and ITIL best practices. Fun fact—he once went hang gliding off a cliff in Ecuador.