"IT is too risk averse!" was the statement that I heard today from a business representative at a major enterprise. "IT puts up barriers and all I want are solutions." These statements are becoming increasingly frustrating for me to hear, as is the description of IT by many users who tell me that IT's first answer to inquiries is always "no".
Today, with the growing total dependence on IT for business and the expectation that IT, like a utility, is always available, IT is inheriting a significant portion of the risk associated with the business process. In the same manner that the business minimizes (or mitigates) risk, IT must also adopt and execute this risk position. The perception is that IT in the past has been too sensitive to risk and would sooner mitigate the risk or stop the process than assist the business in execution.
For example, some IT organizations decided to prevent their organizations from using social media even when the business had determined it to be a competitive advantage. Imagine an organization where IT banned the use of cloud platforms, but the business circumvented IT and hired programmers to write new applications outside the firewall and directly to the cloud platform. Implementing such tight control can backfire and leave the organization even more exposed, as the rogue application may not follow the organization's security policies.
As a simple guideline, implementing effective enterprise risk management requires the development of a risk culture that considers the implications of risk and identifies a process to determine whether a risk should be accepted for business benefit or mitigated with appropriate controls.
The steps involved include:
- Identify the organization's risk appetite and tolerance
- Identify responsibilities and accountability for risk management
- Create an awareness program and communicate
Risk management is the responsibility of all IT professionals. Over the next few weeks I will further detail how to deliver effective risk management and how to leverage it for competitive advantage.