When planning an internal IT risk assessment, it is a good idea to have a solid understanding of risk management first. The finance and accounting departments in most organizations now have a firm grasp of risk management from a business perspective, thanks to Sarbanes-Oxley. However, when the IT Security department takes responsibility for an internal IT risk assessment, some things are lost in translation. An effective risk management program protects the company and its ability to perform its mission.