Organisations that treat IT risk management as a technology issue rather than one of corporate importance will leave themselves exposed to a plethora of problems that could threaten the health of the entire business, according to a new report by the Butler Group.
The report, IT Risk Management, said that while technology support will be required for risk management, it is just as much an organisational issue, with the emphasis on putting the right people in the right roles and giving them the necessary guidance and authority.
“The consequences of failing to manage IT risks pose a serious threat to any organisation,” said Rob Hailstone, Software Infrastructure Practice director at the Butler Group.
“It follows that IT risk management efforts should have senior executive sponsorship and form part of the broader corporate risk management initiative.”
The increasing complexity of IT systems, including their distributed nature, remote and mobile access, and direct support for access by external users, has made risk management both more critical and more difficult.
At the same time, the degree of dependency on IT services has escalated, with many organisations suffering significant financial penalties after only a short period of unavailability.
Headline incidents detailing the careless loss of sensitive information continue to cause considerable embarrassment to corporate executives, and increasingly lead to direct or indirect financial penalties.
Additionally, the IT industry still has a long way to go in improving its track record for delivering IT projects that are on time, on budget, and meet the organisation’s evolving expectations.
The report highlights the need to consider risk management issues from the early design stage of IT projects, and to clearly identify both the actual likelihood of different types of risk occurring and the actual cost to the organisation of any instances.
The Butler Group stressed the fact that the majority of problems exposed as IT failures actually have their roots in people and process failures, and it encouraged organisations to take a systemic approach to risk avoidance, as well as adopting appropriate IT technologies and methodologies.
“Only by understanding these variables can the cost of solutions be balanced against the level of business exposure, and the best-fit solution selected,” said Hailstone.
By John Kennedy