Scoring Risks

• The adequacy of internal controls
• The potential threats from transactions
• History of problems with system or application
• IT Architecture and Data Classification - is there a match
• The physical and logical security of information, equipment, and premises
• The adequacy of operating management oversight and monitoring
• Human resources, including the experience of management and staff, turnover, technical competence, management’s succession plan, and the degree of delegation
• Senior management oversight and appropriate governance