View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Software
December 18, 2008

IT risk management: needs to be treated as a corporate issue

Organizations that treat IT risk management as a technology issue rather than a corporate one will leave themselves exposed to numerous problems that could threaten the health of their entire business. While technology support will be required, IT risk management is just as much an organizational issue that relies on putting the right people in the right roles with the necessary guidance.

By CBR Staff Writer

Although technology is important, IT risk management should be tackled at a corporate level.

Given that failing to manage IT risks sufficiently poses a serious threat to any organization, it follows that IT risk management efforts should have senior executive sponsorship and form part of the broader corporate risk management initiative, according to a new Butler Group report.

While IT risk management is becoming increasingly critical, the growing complexity of IT systems – including their distributed nature, remote and mobile access, and direct support for access by external users – has made risk management more difficult. At the same time, the degree of dependency on IT services has escalated, with many organizations suffering significant financial penalties after only a short period of unavailability.

Headline incidents detailing the careless loss of sensitive information continue to cause considerable embarrassment to corporate executives, and increasingly lead to direct or indirect financial penalties. Additionally, the IT industry still has a long way to go to improve its track record for delivering IT projects that are on time, on budget and meet the organization’s evolving expectations.

Risk management issues should, therefore, be considered from the early design stage of IT projects, and the actual likelihood of different types of risk occurring should be identified, as should the actual cost of such risks to the organization.

According to Butler Group, businesses can achieve the ultimate aim of becoming risk-aware throughout the enterprise by implementing a number of strategies. However, while utilizing appropriate technology solutions is important, formalizing risk management through senior business executive sponsorship and the creation of dedicated risk management roles within IT is paramount.

Indeed, the majority of problems that get exposed as IT failures actually have their roots in people and process failures and, as such, organizations should take a systemic approach to risk avoidance, as well as adopting appropriate IT technologies and methodologies. Ultimately, only by understanding these variables can the cost of solutions be balanced against the level of business exposure, and the best-fit solution selected.

Content from our partners
An evolving cybersecurity landscape calls for multi-layered defence strategies
An evolving cybersecurity landscape calls for multi-layered defence strategies
Powering AI’s potential: turning promise into reality
Powering AI’s potential: turning promise into reality
Unlocking growth through hybrid cloud: 5 key takeaways
Unlocking growth through hybrid cloud: 5 key takeaways

Websites in our network
The New Statesman Press Gazette Spears World of Fine wine Elite Traveler Leadmonitor
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU