Historically, IT has done a poor job quantifying both the risk and return on technology investment in financial terms. Organizations have tended to think of technology investments as delivering little bottom-line value to the company. Most analysis of risk and reward is qualitative in nature, if done at all. CIO typically does not have to decide on a single investment, but rather faces a whole portfolio of different investments to evaluate, each with their own perceived level of risk. IT must have an effective plan to quantitatively measure the risk of any technology investment.”]