IT risk management needs to be treated as a corporate issue

This is one of the key conclusions to be drawn in new report, recently published by one of Europe's leading IT research and advisory organisations, Butler Group. The report, IT Risk Management, says that while technology support will be required, this is just as much an organisational issue with the emphasis on putting the right people in the right roles, and giving them the necessary guidance and authority.

“The consequences of failing to manage IT risks pose a serious threat to any organisation” says Rob Hailstone, Software Infrastructure Practice Director at Butler Group. “It follows that IT risk management efforts should have senior executive sponsorship and form part of the broader corporate risk management initiative.”

The increasing complexity of IT systems including their distributed nature, remote and mobile access, and direct support for access by external users have made risk management both more critical and more difficult. At the same time the degree of dependency on IT services has escalated, with many organisations suffering significant financial penalties after only a short period of unavailability.

Headline incidents detailing the careless loss of sensitive information continue to cause considerable embarrassment to corporate executives, and increasingly lead to direct or indirect financial penalties. Additionally, the IT industry still has a long way to go in improving its track record for delivering IT projects on time and on budget, and that meet the organisation's evolving expectations.

The report highlights the need to consider risk management issues from the early design stage of IT projects and to clearly identify the actual likelihood of different types of risk occurring and the actual cost to the organisation of any instances. It deals with the business, organisation, technology, and standards issues that should be considered when planning an IT risk management initiative and the impact that this is having on the market for supporting technologies and how vendors are responding to the challenges.

Butler Group stresses the fact that the majority of problems that get exposed as IT failures actually have their roots in people and process failures, and it encourages organisations to take a systemic approach to risk avoidance as well as adopting appropriate IT technologies and methodologies. “Only by understanding these variables can the cost of solutions be balanced against the level of business exposure, and the best-fit solution selected,” says Hailstone.

Notes

Butler Group's report IT Risk Management provides a comprehensive analysis of the best practices in planning an IT risk management strategy. The report:
• Provides information on standards and methodologies that are available to guide an organisation through the steps needed to become risk-aware throughout the enterprise.
• Describes 20 of the most important vendors that provide technology solutions for the management and mitigation of IT risks.
• Introduces the need to formalise risk management through senior business executive sponsorship and the creation of dedicated risk management roles within IT.
• Describes how to quantify risks as an essential first step to ensuring that only cost-justifiable solutions are implemented.
• Outlines the changing nature of disaster recovery and business continuity requirements forced on us by the escalation of both natural and man-made catastrophes.
• Discusses the high-profile issue of security implications and the way that these have been changed by cheap, high capacity portable storage media and the proliferation of internet access.
• Examines the risks associated with the potential failure of new IT projects to deliver on-time and on-budget, or to deliver functionality that is not what the business actually requires.

Butler Group) is one of Europe's leading independent IT Research and Advisory organisations. Its mission is to ensure that its clients are the most comprehensively informed IT and business managers on current, emerging, and future technology matters, and their impact on business - in short, "Analysis without compromise".