There is an increased number of IT incidents worldwide. It is, therefore, essential for organisations to review their IT processes critically, identify IT risks, and manage them appropriately to avoid negative impact on their businesses.