Information Technology (IT) is not merely a technical function, but a management process which needs to be managed effectively. To measure the IT risk in banks there are various methodologies available. All of them at large follow the same primary steps like threat and vulnerability identification, probability identification, impact analysis etc. For technology risk assessment, American Banker Association has also recommended various resources.

Risk management approach had widely replaced the baseline approach in which a baseline/standard set of policies and practices are followed in taking business decisions without considering the criticality of the business asset or decision. In business sense, risk is the probability of getting loss from taking or not taking a business decision. The loss can be tangible or intangible. Risks can be avoided, controlled, shared, transferred and accepted. Risks can be controlled through objectives, policies and procedures.

Risk management approach enables the management to give appropriate treatment to the business assets and decisions based on their criticality to business goals and business continuity. While the basic concepts remain the same, Information Technology introduces new vulnerabilities as well as new techniques for risk management. As such, technology risk management, while following the fundamentals, needs to address these new vulnerabilities.