How to Focus Technology Risk Management to Business Risk
Most organizations are critically dependent on technology to operate in the modern world. For these organizations, technology risk management often becomes a one-dimensional exercise: an obsession with the technology rather than the business it supports. Consider an information technology (IT)-centric metric such as “99.9% server availability.” The metric sounds interesting, perhaps even impressive, but it is insufficient on its own. What is critically missing is a business risk management perspective: What are the potential business consequences of the 0.1% of the time the server is unavailable? This is the question that really needs to be answered. Comprehensive, detailed assessment of risks requires aligning technology risk management and business risk management. Achieving this goal is not easy, but it is essential to establish a transparent and understandable link between the two elements to better achieve company objectives. The general steps required to achieve an effective alignment of the two perspectives include:
As companies begin to work toward alignment, it is important to remember that the process may take time. Misalignment is so prevalent because it runs deep and is often embedded into IT organizational processes and habits. Fixing this requires patience and organizational fortitude. Once implemented, however, risk alignment not only leads to operational efficiencies but yields other positive byproducts, such as facilitating IT funding requests. Budget increase requests tied to improving specific or critical business operations are likely to be considered more seriously than requests for general IT asset improvements. Ultimately, alignment of IT and business needs leads to a more nimble organization that is better equipped to manage emerging technology risks and support innovation vital for success.
This post was published originally on The Protiviti View by Protiviti Inc. Copyright 2015. Protiviti is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit (www.protiviti.com). Ed Page is the managing director and FSI IT Consulting practice leader at Protiviti, and Jonathan Wyatt is the IT Consulting practice leader.