Risk management in the private sector is a well-studied and analyzed function. Companies mitigate risk associated with interest rates, currency exchange rates, physical liability arising from plant accidents, civil liability arising from shoddy manufacturing practices and so forth. In the public sector, there can be more challenges to risk management since the philosophy of risk management may change as elected officials change. The rise of the Internet and the proliferation of computers in the workplace increase the responsibilities of risk management, with the result that new strategies are necessary to combat entirely new risks which have only partially been catalogued. This research considers the issue of risk management in general, the challenges facing information technology managers and the risks to information systems, and specific issues that may confront information systems risk management across the broad spectrum of the criminal justice environment.
Traditionally, risk management occurred within departments; this compartmentalized-or silo-approach to risk management provided a biased view of the risks confronting the organization, and made it possible for groups to overlook possibly more significant risks simply because there was no mechanism in place to identify those risks. Individual departments developed their own mechanisms for identifying and quantifying risks, and often took action based on that isolated risk identification. The overall perception was that if each department minimized the risk that it identified and assessed, then the organization as a whole would, as a natural result, minimize the overall risk that it faced (Lam, 2003).
As an example, municipal finance departments often have risk identification programs in place for individual projects as well as for issuing bonds. These groups are able to identify interest rate risks, commodity risks, and other economic risks tha...