Governance is a Four-Letter Word

It's probably true in more ways than one, but the four-letter word I'm thinking of is RISK. The ultimate objective of IT governance is two-fold: enhance business value and reduce business risk from information technology. A new book out from the Harvard Business School Press does a pretty good job of addressing the latter and goes onto my "Recommended Reading" bookshelf.

Rajan Chandras, Contributor

September 10, 2007


It's probably true in more ways than one, but the four-letter word I'm thinking of is RISK. The ultimate objective of IT governance is two-fold: enhance business value and reduce business risk from information technology. A recent book I read does a pretty good job of addressing the latter, and goes onto my "Recommended Reading" bookshelf.

As IT continues to grow in strategic importance - and let's face it, IT "arrived" years ago, naysayers be damned - IT is also a source of increasing business risk and disruption. The vulnerability of airlines to any technological malfunction (or, of course, misalignment in the human-computer interface) is a stellar example of the disruptive power of IT.

By now, we are all fairly adept at identifying risks in technology projects, but too often our view of the risks ends with the immediate impact related to the project and project stake-holders. What is needed is the ability to follow the risk threads to the logical end. In most cases, this end is the threat to one or more business processes, which can seriously disrupt the enterprise and, hence, impact enterprise stake-holders.

IT Risk: Turning Business Threats into Competitive Advantage, by George Westerman and Richard Hunter (Harvard Business School Press), does a great job of discussing technology risk in the context of business disruption. The book also proposes an approach to address technology risk, driven by…

• Three "Core Disciplines" of risk management
• A four-pronged framework for managing IT risk
• Five key practices for effective IT risk governance, and last but not the least
• Ten ways executives can improve IT risk management

The "Monk" in me secretly laments that the authors could not find either six or twelve ideas for executives instead of ten… the math would have been so satisfying… but in other respects, the book is more than satisfactory.

I'm a strong believer in the maxim that the state of the organization reflects the state of the leadership, and this extends to risk management. IT risk management is a topic that no technology (or business) executive can afford to ignore, and I agree with the book's premise that "A risk-aware culture starts at the top."

What have you done for risk management lately?

About the Author

Rajan Chandras

Contributor

Rajan Chandras has over 20 years of experience and thought leadership in IT with a focus on enterprise data management. He is currently with a leading healthcare firm in New Jersey, where his responsibilities have included delivering complex programs in master data management, data warehousing, business intelligence, ICD-10 as well as providing architectural guidance to enterprise initiatives in healthcare reform (HCM/HCR), including care coordination programs (ACO/PCMH/EOC) and healthcare analytics (provider performance/PQR, HEDIS etc.), and customer relationship management analytics (CRM).
