This is another well-known area for CIOs. But still, don't underestimate the risks! I have experienced an international company with a non-redundant core business system, one listed company where the communication network had a single point of failure just outside the head office, and one company that had outsourced its WAN to a vendor that did not provide a back-up solution, causing 24 hours of total downtime for that business. Almost daily, we read headlines about major IT disturbances in banks, food and retail, transportation (even airports), the public sector and others, including some of the largest and most successful IT companies.
Bottom line though, it is about investigating all relevant areas: server rooms, hardware, networks, power supply, Business Disaster Recovery (BDR) planning, configuration and change management and so forth. It can be helpful to look at the history of IT disturbances and to understand not only their frequency and severity, but also what the organisation has done to make sure the root cause was resolved. This is hard, continuous work, and work that should be prioritised.
I have listed a handful of categories to consider, as well as some relevant questions that should give an indication of the current risk situation. Depending on your line of business you may want to expand that list with areas like software development and testing, operations, manufacturing, logistics and so forth.
It is vital that the IT function regularly document processes, code changes, configurations and so forth. Unfortunately, it is also common that "fire fighting" daily issues interfere with proper standards and procedures, documentation, training and BDR planning and rehearsals.
When was the last full scale BDR exercise held?
What does the change management documentation look like? Are all processes and procedures documented? Is ITIL implemented? Are job and role descriptions in place?
As an example, I was in close contact with a large business that had invested in process development throughout the Group, except for the IT function and its project management processes. What has the HR function to do with operational risk? It is about ensuring that the right competencies are in place within IT and that they do not represent single points of failure. Do you have succession plans and relevant documentation in place allowing a quick replacement, should key staff suddenly leave?
Many years ago an entire IT operations team resigned the very same day in an international company that was planning to outsource IT operations — the company had no choice but to re-hire the entire team as contractors, at a significantly higher cost. Do you have a documented, approved and communicated IT strategy?
Are there technical and system road maps and an architectural target picture in place? Are there performance management controls to effectively monitor and control the IT function's delivery? Global companies that failed to align IT strategies with market opportunities such as digital innovation include a well-known photo technology provider and one of the oldest music industries in the world. CSR including environment has rapidly grown in importance.
Are there processes and technology in place that minimise energy consumption by IT and in premises? Do you measure the reduction of paper consumption and air travel? Is there an environmental policy communicated throughout the organisation? Does the organisation have control over its subcontractors' child labour and environmental issues?

The growing complexity of today's interconnected systems has not only increased the need for improved information security, but also helped to move information from the IT backroom to the executive boardroom as a strategic asset.
And, just like the tip of an iceberg is all you see until you run into it, the risks to your information are mostly invisible until disaster strikes. Detailing procedures to help your team perform better risk assessments and aggregate results into more meaningful metrics, Practical Risk Management for the CIO approaches information risk management through improvements to information management and information security.
It provides easy-to-follow guidance on how to effectively manage the flow of information and incorporate both service delivery and reliability. Information is one of your most valuable assets. If you aren't on the constant lookout for better ways to manage it, your organization will inevitably suffer.
Clarifying common misunderstandings about the risks in cyberspace, this book provides the foundation required to make more informed decisions and effectively manage, protect, and deliver information to your organization and its constituents. This is an exceptionally well-written primer for anyone responsible for corporate information risk management. It's obvious that the author has regularly encountered and solved the problems he describes in the course of his three decades in Canadian government and justice IT, and he has an appealing no-nonsense approach.
I can unhesitatingly recommend it, not only to CIOs but also to anyone tasked with protecting corporate information assets, whatever the level of their role. It imparts understanding, which is vastly more useful than mere facts. An excellent holistic primer on corporate information management. The author's credentials are fully justified by the clear, concise and informative text.
If you're unsure how to create a Risk Register, the following is a brief guide on how to get started in just a few steps. The risk register addresses risk management in four key steps: (1) identifying the risk, (2) evaluating the severity of any identified risks, (3) applying possible solutions to those risks and (4) monitoring and analysing the effectiveness of any subsequent steps taken. By learning how to create a Risk Register, you can be proactive about managing your projects and handling any risks associated with them. Any issue that is likely to impact the success or the timely completion of your project is categorised as a risk.
Implementing strategies to handle this, such as a risk register, will help to prevent risk from becoming an issue that may cause significant delays or even lead to the project failing.