IT Risk Management


“Risk involves choice and uncertainty: Risk is inevitable” – Robert Charette

We provide a comprehensive set of guidelines and principles to help organisations effectively identify and manage IT risk (business risk related to the use of IT).

Our Risk Information Management Assessment service can help you identify and improve the key issues constraining your ability to effectively manage risk and return.

MentPro makes use of a set of guiding principles for the effective management of IT risk.

Benefits of our Services

  • Supporting strategic and business planning.
  • Supporting effective use of resources.
  • Promoting continuous improvement.
  • Fewer shocks and unwelcome surprises.
  • Quick grasp of new opportunities.
  • Reassuring stakeholders.
  • Helping focus the internal audit programme.
  • Better securing of the IT systems that store, process or transmit organisational information.
  • Assisting management in authorising (or accrediting) the IT systems on the basis of the supporting documentation resulting from the performance of risk management.

“Risk comes from not knowing what you are doing” – Warren Buffett

Our Methodology

The objective of performing risk management is to enable the organisation to accomplish its mission(s) in line with ITIL, COBIT 5 and the BS and ISO Standards.

Identifying risk for an IT system requires an understanding of the system's processing environment.

To achieve this, system-related information needs to be obtained, which is usually classified as follows:

  • Hardware.
  • Software.
  • System interfaces (e.g. internal and external connectivity).
  • Data and information.
  • Persons who support and use the IT system.
  • System mission (e.g. the processes performed by the IT system).
  • System and data criticality (e.g. the system's value or importance to an organisation).
  • System and data sensitivity.

The steps in the risk management process:

  • Establish the context.
  • Risk identification.
  • Risk assessment.
  • Potential risk treatments:
      • Risk avoidance.
      • Risk reduction.
      • Risk retention.
      • Risk transfer.
  • Create the mitigation plan.
  • Implementation.
  • Review and evaluation of the plan.

All of the steps above should be part of a “live” process that continually strives to identify and manage risk. This is outlined in the diagram below:


MentPro - Johannesburg
Tel: +27 11 486 1422
Fax: +27 86 512 7009

MentGrow - Johannesburg
Tel: +27 11 486 1422
Fax: +27 86 512 7009

Physical address
2 Coetzer Street, Greenside, Johannesburg