I run a course at the MIT Sloan School called Essential IT for Non-IT Executives. Every time my colleagues and I come to the end of the course, we ask people what they considered the most important thing they learned. Surprisingly, many people say it was “how to have the IT risk conversation.”