Would you agree that IT risk is now far too important for IT departments to handle? This idea is the premise of an article written by John Leyden and featured by The Register. IT has become so important to business – both in internal operations and customer interaction – that risks affect the whole organisation. However, this is not to say executive management is completely aware of those IT risks. As Richard Hunter, vice-president of the Gartner group explains: Although information technology has become integral to the smooth running of businesses, many organisations lack awareness of IT risk issues. As a result, many are unprepared to deal with challenges ranging from merger with another firm to disaster recovery. Failure to grasp the nettle and cope with IT risk left firms at a competitive disadvantage, Hunter explained. The article goes on to list examples where a failure in IT had lasting and real consequence: a data breach at ChoicePoint led to new regulations for an entire industry, the London Ambulance Service found its workers using pencil and paper after the dispatch system failed. The risks that can occur in IT – as well as the consequence of those risks – must be understood by executive management. Without their support, effective decisions cannot be expected and future risks cannot be mitigated.