Down To Business: Manage Risk, But Don't Become Paralyzed By It

Management philosophers have long held forth on the chief role of the chief information officer. We've been told that these preeminent business technology execs must be adept at managing complexity and managing the accelerating pace of change and even managing their bosses' expectations. Let's hurl another esoteric priority into the mix: managing uncertainty.

Esoteric, yes, but not theoretical or trivial. In fact, a company's life can depend on its ability to anticipate technological, economic, financial, regulatory, and other big forks in the road. That burden doesn't rest wholly on the IT organization, of course--and we must guard vigilantly against creating a culture of bureaucracy and paralysis--but IT leaders must be active players in mitigating a wide range of business risks.

Take the subprime mortgage mess (please). With the clarity of 20/20 hindsight, most everyone today thinks banks and other mortgage companies, as well as their government overseers, should have had the checks and balances in place to rein in aggressive and sometimes predatory lending practices that have led to widespread foreclosures, rippling through the economy. Regardless, now that the mortgage crunch is escalating into a full-blown crisis--as credit gets tighter and consumers, investors, and companies get skittish--it's raising the cost of investing in everything, including IT. As such, it's the CIO's role to chart a course through the capital spending and other ramifications of this stark business reality.

Business technology execs are more accustomed to managing risks that hit closer to home, like natural and human-inflicted disasters that can take out data and call centers. Then there are the risks of picking the right technology architecture. Here, CIOs as a whole are getting more astute. Instead of the big bang, all-consuming SAP implementations and Y2K change-outs of yesteryear, we now have the more incremental software-as-a-service and server virtualization kinds of build-outs. Where they can, CIOs also are pushing more of that heavy lifting to their vendors. Information security and regulatory compliance remain among the most unwieldy of CIO risk management responsibilities. Stick an exponent onto the complexity of all those disciplines as your organization goes truly global.

Even still, the CIO's risk horizons are expanding further. Add to the above list vendor viability (will that technology startup you're evaluating be around in three years?), intellectual property infringement (is the technology you're using violating a third party's rights in any way?), and business malfeasance (is there an explicit or implicit covenant with customers to ensure a certain level of service?).

As I got to writing about this broad subject, I received a news release from Enterprise Management Associates, whose new study on this very same subject (pure coincidence) is both enlightening and disconcerting. For one thing, the analyst firm's description of its study is daunting: "EMA explores how the convergence of IT domains ranging from performance, availability, configuration, and change management to business risk, trust, and security controls is defining an entirely new class of solutions." The release goes on to say that those new technologies and tools are "geared toward flexibility, adaptability, integration, and interoperability."

Such tortuous process intermingling may be the stuff of a business and technology consultant's dreams, but even if these governance tools are all they're cracked up to be, the specter of all these converging business and IT domains is mind-numbing, especially to the CIOs and other technology pros who take pride in the doing and not just the governing. Heaven help us if our nation's IT execs must spend all their waking hours thinking like actuaries, accountants, and lawyers, plotting worst-case scenarios and insulating their organizations not just from risks but also from opportunities.

Rob Preston,
VP/Editor in Chief
[email protected]

To find out more about Rob Preston, please visit his page.