Six Predictions for the CIO in 2011: Part 4 - Risk Management will become the friend of the CIO, no longer an enemy

Published: March 16 2011, 01:44 PM
by Robert Stroud

Prediction 4 is simple. I'm predicting that more and more CIOs will start automating IT Risk Management processes. The time has come to make the shift.

Risk is part of everyday life; just think about crossing the road. You have multiple choices of where to cross, and each option carries its own risk. For instance, you could cross at the traffic light when the signal allows, with minimal risk, or run across a busy freeway without looking for traffic, at something close to maximum risk. Based on the environment and the opportunity, you may modify your behavior or choose not to accept the risk at all.

Risk IT defines, and is founded on, a number of guiding principles for the effective management of IT risk related to the delivery of IT-enabled business. These principles are based on generally accepted enterprise risk management principles. Management of business risk is an essential component of the responsible administration of any enterprise, and almost every business decision requires the executive or manager to balance risk and reward.

With the increasing importance of IT to the overall business, IT risk should be treated like other key business risks, such as strategic risk, environmental risk, market risk, credit risk, operational risk and compliance risk, all of which fall under the highest 'umbrella' risk category: failure to achieve strategic objectives. While these other risks have long been incorporated into corporate decision-making processes, too many executives still relegate IT risk to technical specialists outside the boardroom.

The fundamental challenge is that IT often looks to mitigate every risk rather than determining the appropriate response to each one. In 2011/2012, with the increasing rate of change and the adoption of additional sources of service delivery with increasingly complex service delivery chains, IT is going to require automated risk assessment to understand when to accept a risk for competitive advantage and when to mitigate it.

Some tips for effective management of business-enabled IT risk include:

  • Always connects to business objectives
  • Aligns the management of IT-related business risk with the organization's Enterprise Risk Management (ERM) program
  • Balances the costs and benefits of managing IT risk
  • Promotes fair and open communication of IT risk
  • Establishes the right tone from the top while defining and enforcing personal accountability for operating within acceptable and well-defined tolerance levels
  • Is a continuous process and part of daily activities

Remember, your risk appetite will drive your organisation's risk posture.


Robert Stroud serves as VP and as Service Management, Cloud Computing and Governance Evangelist at CA Technologies. Robert also serves as an International vice president of ISACA, is part of the Framework committee and was the former chair of the COBIT Steering Committee. Robert also serves on the itSMF...