Governance is a Four-Letter Word

It's probably true in more ways than one, but the four-letter word I'm thinking of is RISK. The ultimate objective of IT governance is two-fold: enhance business value and reduce business risk from information technology. A new book out from the Harvard Business School Press does a pretty good job of addressing the latter and goes onto my "Recommended Reading" bookshelf.

Rajan Chandras, Contributor

September 10, 2007

2 Min Read

It's probably true in more ways than one, but the four-letter word I'm thinking of is RISK. The ultimate objective of IT governance is two-fold: enhance business value and reduce business risk from information technology. A recent book I read does a pretty good job of addressing the latter, and goes onto my "Recommended Reading" bookshelf.

As IT continues to grow in strategic importance - and let's face it, IT "arrived" years ago, naysayers be damned - IT is also a source of increasing business risk and disruption. The vulnerability of airlines to any technological malfunction (or, of course, misalignment in the human-computer interface) is a stellar example of the disruptive power of IT.By now, we are all fairly adept at identifying risks in technology projects, but too often our view of the risks ends with the immediate impact related to the project and project stake-holders. What is needed is the ability to follow the risk threads to the logical end. In most cases, this end is the threat to one or more business processes, which can seriously disrupt the enterprise and, hence, impact enterprise stake-holders.

IT Risk: Turning Business Threats into Competitive Advantage, by George Westerman and Richard Hunter (Harvard Business School Press) does a great job of discussing technology risk in the context of business disruption. The book also proposes an approach to address technology risk, driven by…

• Three "Core Disciplines" of risk management • A four-pronged framework for managing IT risk • Five key practices for effective IT risk governance, and last but not the least • Ten ways executives can improve IT risk management

The "Monk" in me secretly laments that the authors could not find either six or twelve ideas for executives instead of ten… the math would have been so satisfying… but in other respects, the book is more than satisfactory.

I'm a strong believer in the maxim that the state of the organization reflects the state of the leadership, and this extends to risk management. IT risk management is a topic that no technology (or business) executive can afford to ignore, and I agree with the book's premise that "A risk-aware culture starts at the top."

What have you done for risk management lately?It's probably true in more ways than one, but the four-letter word I'm thinking of is RISK. The ultimate objective of IT governance is two-fold: enhance business value and reduce business risk from information technology. A new book out from the Harvard Business School Press does a pretty good job of addressing the latter and goes onto my "Recommended Reading" bookshelf.

About the Author(s)

Rajan Chandras

Rajan Chandras

Contributor

Rajan Chandras has over 20 years of experience and thought leadership in IT with a focus on enterprise data management. He is currently with a leading healthcare firm in New Jersey, where his responsibilities have included delivering complex programs in master data management, data warehousing, business intelligence, ICD-10 as well as providing architectural guidance to enterprise initiatives in healthcare reform (HCM/HCR), including care coordination programs (ACO/PCMH/EOC) and healthcare analytics (provider performance/PQR, HEDIS etc.), and customer relationship management analytics (CRM).

See more from Rajan Chandras
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
SIGN-UP

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

Bald eagles, eagle in flight.
Cyber Resilience
9 Ways CISOs Can Stay Ahead of Bad Actors9 Ways CISOs Can Stay Ahead of Bad Actors
byLisa Morgan
Jul 24, 2024
9 Slides
Binary code concept pattern and big data structure.Net and source code.Abstract background of technology, science and cloud computer.
Data Management
How Much Data Is Too Much for Organizations to Derive Value?How Much Data Is Too Much for Organizations to Derive Value?
byCarrie Pallardy
Jul 22, 2024
11 Min Read
CrowdStrike Holdings, Inc. logo is displayed on a smartphone screen.
Cyber Resilience
CrowdStrike Aftermath: Lessons Learned for Future RecoveryCrowdStrike Aftermath: Lessons Learned for Future Recovery
byJoao-Pierre S. Ruth
Jul 24, 2024
6 Min Read
Calculator displaying the text "SALARY" on top of $100 bills.
IT Leadership
2024 InformationWeek US IT Salary Report: Profits, Layoffs, and the Continued Rise of AI2024 InformationWeek US IT Salary Report
byInformationWeek Staff
Jun 4, 2024
1 Min Read
Digital Security and Threat of a System
IT Leadership
11 Ways Cybersecurity Threats are Evolving11 Ways Cybersecurity Threats are Evolving
byLisa Morgan
Jun 13, 2024
11 Slides
Webinars
More Webinars
White Papers
More White Papers
Live Events
More Live Events
Reports
More Reports