Many IT executives create a Disaster Recovery Plan but is this all there is to risk management? A risk is simply “the Possibility of a problem or issue” in meeting IT’s responsibilities and commitments. As a result, the first step in risk management is to clearly identify responsibilities and commitments. IT operates and supports infrastructure but they are also responsible for operating and maintaining applications and consulting with the business to assist with planning and training. Issues affecting application availability, reliability, and accuracy must be managed. Finally, the failure to implement management processes for tracking commitments, measuring progress, and ensuring they are met also represent risks. Successful risk management addresses issues with infrastructure, help desks, application support, project management, and service management.