There are 440 million reasons to learn these risk lessons, and here is every single one: Just kidding — but the installation problem at Knight Capital was no joke. An error in Knight’s software caused a slew of incorrect stock trade orders to go out, causing Knight Capital to lose somewhere in the vicinity of US $440 million. The impact was tremendous, and it was all because of a few mistakes. It is with this catastrophic error in mind that Brian Barnier writes this article found on ISACA.org. He provides three IT risk lessons that Knight Capital could certainly have used before the series of events that left them four hundred million in the hole. At a high level, the advice is to modify the way your company treats risk by preventing incidents, enabling faster business value creation, and avoiding the wasted time and money that is inherent in many risk management efforts.
Barnier goes on to list the three risk lessons, starting with the tip “focus on the objective”. This means managing the risks that affect business objectives. It’s not enough to just have a good risk management plan that would protect IT; you’ve got to have a risk management plan that keeps the moneymaker (the business) protected as well. Every decision in the risk management process needs to be tied to an overall business objective. Instead of asking “how can this protect our servers”, ask “how can this protect our company’s bottom line”.
The next tip is often recited but rarely followed: learn from history. Risk management isn’t just a flash-in-the-pan application from three months ago; it’s a process that has been developed and optimized. Don’t just assume that you can buy a consultant’s time or a new piece of software and have your risk management sorted out. You have to take the time to learn (at the very least) some of the fundamentals of risk management. It makes the process part of your mindset and helps you identify possible problems long before others might.
The final tip is to “properly frame the problem”. Do you already have a systematic way of identifying and resolving the most common errors your organization faces? Do you have a backup plan for your backup plan? When was the last time you tested the process created for emergency power outages, renegade code or security breaches? If you don’t know the answer (or do, and don’t like what the answer is), it could mean the next issue that arises costs you millions.