IT Risk Assessment Template
This template is designed to help SMEs in New Zealand perform a basic IT risk assessment. Use it to identify vulnerabilities, evaluate potential impacts, and define mitigation actions.
📌 Key Sections to Include
- Asset Inventory: List hardware, software, data repositories
- Threat Identification: Malware, data loss, insider threats, third-party risks
- Vulnerability Analysis: Unpatched systems, poor password practices, etc.
- Impact Rating: Define financial, operational, and reputational risks
- Likelihood Score: Rare to frequent, depending on context
- Risk Score Matrix: Combine impact and likelihood to prioritize
- Mitigation Actions: What controls or improvements can reduce risk?
📋 Example Risk Entry
- Risk: Ransomware attack on file server
- Impact: High (loss of business continuity, reputational harm)
- Likelihood: Medium
- Risk Score: High
- Controls: Endpoint protection, backups, staff training
🧭 Final Tips
- Focus on high-risk, high-impact scenarios first
- Involve both technical and non-technical staff
- Review assessments quarterly or when new threats emerge
- Document mitigation timelines and assign owners
👉 Book your free consultation today
📧 hello@virtusgroup.biz
🌐 virtusgroup.co.nz
📞 0800 847 887 (VIRTUS)