Although technology is important, IT risk management should be tackled at a corporate level.
Given that failing to manage IT risks sufficiently poses a serious threat to any organization, it follows that IT risk management efforts should have senior executive sponsorship and form part of the broader corporate risk management initiative, according to a new Butler Group report.
While IT risk management is becoming increasingly critical, the growing complexity of IT systems – including their distributed nature, remote and mobile access, and direct support for access by external users – has made risk management more difficult. At the same time, the degree of dependency on IT services has escalated, with many organizations suffering significant financial penalties after only a short period of unavailability.
Headline incidents detailing the careless loss of sensitive information continue to cause considerable embarrassment to corporate executives, and increasingly lead to direct or indirect financial penalties. Additionally, the IT industry still has a long way to go to improve its track record for delivering IT projects that are on time, on budget and meet the organization’s evolving expectations.