As technology leaders work through the Resilience, Recovery, and New Reality phases of COVID-19 business impact, they will face challenges and uncertainty that have not been faced before, and understandably, their responses should vary based on organizational priorities. What is clear is tech risk professionals (tech risk and tech audit functions) need to have a strong point of view of their value proposition. They should be laser focused on identifying control deficits and new risks. They also need to define the new “standards” of risk and control, which will inevitably change with new ways of working and greater influence from technology consumers.
This paper provides a framework designed to be a rapid impact assessment that will enable tech risk professionals to address the statements outlined above while providing a mechanism to continuously assess technology risk in light of the ever-changing risk landscape as organizations address the fallout from the global impact of COVID-19.