shaegivens

Still managing your IT Risk like it’s 1999? I’m sure you’ve watched technology drastically change the way we do business in the last couple of years, let alone in the last couple of decades! From mobility, to BYOD (Bring Your Own Device), the Cloud, and IoT (Internet of Things), let’s face it – times have changed. These changes have opened new doors for consumers, revolutionized uses and transformed society. These days, CIOs are well aware of the new era we have entered: the digital age.

As ambassadors who have helped usher in this game-changer, CIOs continue to seek new and innovative solutions to manage IT risks in the cheapest and most streamlined way possible, while improving security and trust. How would one begin this search? By questioning two common practices:

  • confining IT risk within the IT department,
  • IT Project Managers and IT Risk Managers working independently from one another.

Confining IT Risk within the IT Department

IT risks such as maintaining business continuity, data security, IT compliance with regulations, and protection against cybercrime are not just IT issues. They span the entire organization and affect every department, from sales and marketing to finance and legal, because they have a direct impact on business performance.

Let’s take a look at damages caused by cybercrime. According to a 2015 Grant Thornton International Business Report, one in six businesses experienced a cyber-attack in 2014 with a total cost of attacks globally estimated to be at least $315 billion USD.

New technology (both hardware and software) can present threats to profitability and, more importantly, security. To ensure that a robust risk management system is put in place, CIOs must involve the entire organization in order to align all priorities and business goals. They will need to find links between the potential impacts of the risks and the company’s processes and objectives.

IT Project Managers and IT Risk Managers working independently from one another

ITPM (IT Portfolio Management) enables IT managers to obtain a 360° view of all applications, their functional coverage, their impact on the operational performance of business processes and the relationships between the information within the various system components.

ITRM (IT Risk Management) provides a complete view of all IT risks, threats and vulnerabilities, dependencies with suppliers (e.g. SaaS models), and the risks of non-compliance. Operational business performance is directly threatened by new IT risks; therefore, it is essential that IT managers and risk managers collaborate and share their views of their respective portfolios. Both teams need to understand the applications that support the various departments in order to help them identify where the most critical risks exist. For CIOs, complete visibility into the risk process allows them to better understand and measure their level of impact on the entire organization.

Embedding the risk component (ITRM) into your ITPM is a smart way to manage IT risk. This allows the CIO to gain the agility and responsiveness essential to ensuring his/her role as an organizational leader in the business’s successful performance. To learn more, download our white paper: IT Portfolio Management – Boost Business Value by Incorporating Risk.