Risk IT Articulate risk

% of critical IT assets covered by monitoring activities

% of risk analysis reports accepted on initial delivery

% of risk issues inappropriately distributed in the organisational hierarchy

Frequency of risk management activity reporting

Number of IT risk issues identified by outside parties yet to be incorporated into risk profile

Number of IT-related events with business impact not previously reported as IT risk

Potential business impact of exposures discovered by assurance groups

Timeliness of reports on IT exposures relative to next expected threat