One of my favorite topics of conversation with clients is Risk Management. This is not because I am a believer in FUD (Fear, Uncertainty and Doubt); it is because effective Risk Management can lead to increases in efficiency, better communication with the business and a focus on governance and process. There is no doubt that EVERY IT Department needs to look at and understand Risk…but there is generally a very large gap between the companies I work with that have a mature Risk Management profile and those that don’t.
In a very well thought out article over at TechRepublic titled “10 IT Risk Management Issues that are often overlooked”, I found it very interesting that the perspective they took covered both the macro big-picture items and getting into the weeds…all in one short article. For organizations that are struggling with their IT Value Proposition, I firmly believe that the Big Picture needs to be the focus…at least initially.
Conducting a Risk Assessment can be a costly affair. I have had clients tell me that they have been quoted in the tens of thousands of dollars to have a consultant come in, perform a top-level risk assessment, provide them a report and walk away. In this age of shrinking budgets and a focus on alignment of goals, this is just not good enough anymore. While I can help as a Sales Professional for a Leading IT Research Firm…this is not what Krispy’s Rants is all about.
Defining and focusing on Risk from the perspective that it adds value to the business and gains a key decision-making seat in the board room should be the key. There are many instances where, while developing a Risk Profile, it is important to look at Risk Tolerance and find savings too!
Some areas of the Big Picture of Risk Management that are important to remember are:
- Communicate, Communicate, Communicate – This is not advocacy for being the boy who cried wolf, but to have your voice heard it is key to have your finger on the pulse of the business. Identify and foster key relationships so that IT’s voice is heard.
- Avoid the Hero Culture – The smaller the company or department, the more likely this is to occur, but the Hero Culture of knowledge hoarding is dangerous. Share the information and the responsibility to both mitigate and reduce risk.
- Disaster Recovery and Business Continuity – Understand what the business needs are and be able to focus on the Service Delivery. It is not always about the big-ticket disasters; it is about the downtime of a server that never goes down…that is a disaster.
With 1 week left before the end of days and the collapse of civilization…it is more important than ever to look to your DR Plan. Well, I doubt many organizations included the end of the Mayan Calendar in their DR Plan, but just in case…it might be worth a quick review.
Chris J Powell