Posted By Industry Perspectives On March 5, 2013 @ 8:30 am In Industry Perspectives
Hani Elbeyali is a technology strategist for Dell. He has 19 years of IT experience and is the author of the Business Demand Design methodology, which details how to align your business strategy with your IT strategy. His previous post was Demonstrating IT Value, Illustrated.
Businesses are always trying to minimize risk to the enterprise, but smart leaders realize that profits are sometimes the rewards earned for taking educated risks. Once a manager understands that risks and rewards (or benefits) are positively correlated, the next step may be to expect that the higher the well-calculated risks, the higher the expected returns are going to be. This concept applies to the IT organization because it’s part of the overall process of any enterprise’s need to “get things done.”
Risk, according to financial theory, refers to the unpredictability of outcome. “While financial measures of risk, such as volatility and standard deviation, measure the upside and downside of deviations from the expectations, only downside variability to be the true measure of risk”, states Mukul Pareek, in his article “Information System Control Journal.” What we infer from this statement is that risk is represented only by the downside of the expected return, and not the upside. In contrast, IT risk, or downside, is the measure of the potential for an unplanned event, internal or external, that results in a failure or misuse of IT and threatens an enterprise objective; it is no longer confined to a company’s IT department.
Planning for risks can be a huge undertaking. Because the number of risk permutations is beyond the scope of one article, I wanted to give an illustration of an Enterprise Resource Planning (ERP) risk failure, and the volatility of enterprise risk in taking on such a project. Potential ERP risks can be measured in two stages: during implementation and post-deployment.
During Implementation: Internal factors
Post Deployment: Internal and External factors
According to a Harvard and Gartner “IT risk” research report, “Most IT risks arise not from technical or low-level people issues but from the failure of the enterprise’s oversight and governance processes for IT. Such failures produce a series of poor decisions and badly structured IT assets that are manifested as ineffective IT governance, uncontrolled complexity, and inattention to risk. Many of the risk factors are symptoms of a common condition, ineffective implementation of IT governance.”
Everyday decisions that managers make commit their organizations to different levels of risk for which they must seek appropriate rewards. Figure 1 (above) reflects the positive correlation between risk and return in four stages:
Each accepted project will increase or decrease the overall risk of the organization by quantities that may appear insignificant in the larger context, but aggregate to determine the overall risk of the organization. Holistically, this drives the entire organization up or down the risk and reward curves.
Effective implementation of enterprise IT projects requires alignment of IT management decisions with the organization’s business strategy and risk governance. Overall, governance achieves three goals: effective use of IT by people, IT decisions properly processed among the various IT departments, and tracking and reporting of projects within a structure. IT governance governs what decisions must be made based on the organization’s appetite for risk, who should make the decisions (which provides checks and balances), and, finally, how decisions are made.
An IT risk incident has the potential to produce substantial business consequences that touch a wide range of stakeholders. Once an organization starts to invest wisely in IT, it will turn IT into a competitive-advantage weapon, but equally, it will grow its dependency on IT. As a result, IT becomes part of the fabric of the organization’s business risk; therefore, when IT executives make decisions, they need to understand the organization’s risk portfolio and its appetite for risk. In short, IT risk matters, now more than ever.
Please note the opinions expressed here are those of the author and do not reflect those of his employer.
Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena. See our guidelines and submission process for information on participating. View previously published Industry Perspectives in our Knowledge Library.
1. Harvard Business School, Turning Business Threat Into Competitive Advantage, 2007.
Article printed from Data Center Knowledge: http://www.datacenterknowledge.com
URL to article: http://www.datacenterknowledge.com/archives/2013/03/05/understanding-it-risks/