As IT continues to grow in strategic importance - and let's face it, IT "arrived" years ago, naysayers be damned - IT is also a source of increasing business risk and disruption. The vulnerability of airlines to any technological malfunction (or, of course, misalignment in the human-computer interface) is a stellar example of the disruptive power of IT.By now, we are all fairly adept at identifying risks in technology projects, but too often our view of the risks ends with the immediate impact related to the project and project stake-holders. What is needed is the ability to follow the risk threads to the logical end. In most cases, this end is the threat to one or more business processes, which can seriously disrupt the enterprise and, hence, impact enterprise stake-holders.
IT Risk: Turning Business Threats into Competitive Advantage, by George Westerman and Richard Hunter (Harvard Business School Press) does a great job of discussing technology risk in the context of business disruption. The book also proposes an approach to address technology risk, driven by…
• Three "Core Disciplines" of risk management • A four-pronged framework for managing IT risk • Five key practices for effective IT risk governance, and last but not the least • Ten ways executives can improve IT risk management
The "Monk" in me secretly laments that the authors could not find either six or twelve ideas for executives instead of ten… the math would have been so satisfying… but in other respects, the book is more than satisfactory.
I'm a strong believer in the maxim that the state of the organization reflects the state of the leadership, and this extends to risk management. IT risk management is a topic that no technology (or business) executive can afford to ignore, and I agree with the book's premise that "A risk-aware culture starts at the top."
What have you done for risk management lately?It's probably true in more ways than one, but the four-letter word I'm thinking of is RISK. The ultimate objective of IT governance is two-fold: enhance business value and reduce business risk from information technology. A new book out from the Harvard Business School Press does a pretty good job of addressing the latter and goes onto my "Recommended Reading" bookshelf.