Conclusion

After implementing a Risk Management Framework in a company, it is necessary to constantly revise the IT risk management policies on their effectiveness and efficiency. As we have seen, if this is not done properly, the damages inflicted during an occurrence of a risk can range between high financial losses to a near discontinuing of the business. Although enterprise risk management frameworks are providing us with guidelines and policies how risks should be managed to stay in compliance with laws and best practices, employees tend to ignore precautions or boundaries of these if the reward is estimated to be high enough or simply to reduce the burden of compliance during operations. At this moment, an auditor has to make sure through the use of the traditional techniques and technology that employees adhere to the rules. The latest developments and continuous automatization of software can and will help auditors in the future to simply their task of controlling and revising the boundaries, incentives and segregation of duties.