The approach to risk management needs to be scalable to address different sizes and sources of risk. Typically, this may involve using the risk management framework in different ways, possibly beginning from different starting points.
Scalability should address each of the following sources of risk:
Major Business Risks. Mergers, acquisitions, introduction of new e-business sites and opportunities, legislation, legal issues.
Key IT Risks. Introduction of new technologies supporting business processes, whether internal or external.
Project Risks.
Risks to business continuity introduced by a project
Risks to the benefits realization of a project (risks to achieving benefits of project)
Risk to successful project delivery.
Individual Risks & Incidents. Inherent in work and practices involving use and practice of IT.