Risk IT Maintain risk profile

% of critical business services not covered by risk analysis

% of critical elements of IT portfolio covered by risk triggers and thresholds

% of key business activities with dependency linkage to IT resources

Completeness of key risk data attributes across IT risk register

Number of approved risk analysis results not yet incorporated into risk profile

Number of realised events with business impact not detected by trigger mechanism