Gartner Says IT Needs To Better Manage Risk
Despite IT operations becoming more integral to a company's business success,
larger enterprises have failed
to adjust their processes
for IT decision making and risk-management. This
assertion was made yesterday at the Gartner Symposium/ITxpo 2007 conference
in Orlando by Richard Hunter, group vice president and Gartner fellow in Gartner
Hunter, who co-wrote the recently released book IT Risk: Turning Business
Threats into Competitive Advantage, also said there has been an increased
dependence on the "smooth functioning" of IT, which has served only
to amplify the business impact of IT risk incidents.
"IT risk incidents harm constituencies within and outside companies,"
Hunter said. "They damage corporate reputations and expose weaknesses in
companies' management teams. Most importantly, uncontrolled IT risk dampens
an organization's ability to compete."
Hunter defined IT risk as a threat to any of four business objectives: the
availability of IT systems and business processes; the right people in an organization
having access to the data and systems; the reliability of IT systems to provide
accurate and timely information; and the agility of IT systems to change if
a company either acquires another organization or implements a significantly
different business process redesign.
IT risk factors are something to be managed, not eliminated, Hunter said, adding
that proper management means making trade-offs between risk and return, between
the perils a company can bear and the risks it would rather avoid. Until now,
however, business managers haven't had the tools or disciplines to manage IT
He suggested there are three disciplines IT managers should learn to manage
IT risk, including a foundation of IT assets, people and supporting processes,
a well thought-out risk governance structure and process, and the establishment
of a risk-aware culture that attunes users to the causes and possible solutions
for IT risks.
Posted by Ed Scannell on 10/11/2007 at 1:23 PM