A computer system assessing risks for a joint venture. A risk, e.g., a technology or operational risk, may be associated with an infrastructure or an application that supports one or more operations of the joint venture, where the infrastructure or application may encompass an information technology system for the joint venture. A risk assessment computer system obtains risk information for identified risks in the information technology system, where the joint venture may support separate operations for first and second partner businesses on the information technology system. Identified risks may be owned by the joint venture or by one or more partner businesses and assigned accordingly. The risk assessment computer system may prioritize identified risk according to risk scores. When a control that is associated with a high priority risk category is not installed, a mitigation plan may be tracked to eliminate a high risk control gap.
展开▼
