Where Is Your Risk Assessment?

One of the few analyses that are overlooked in most IT departments is a comprehensive risk assessment.

A risk assessment should identify, analyze, and weigh all the potential risks, threats and hazards to a company’s internal and external business environment. 

Identifying risks and threats, their probability of occurrence, the vulnerability to each risk or threat, and the potential impact that could be caused is necessary to prepare preventative measures and create recovery strategies. Risk identification provides a number of other advantages to a company, including:

  • Exposes previously overlooked vulnerabilities that need to be addressed by plans and procedures
  • Identifies where preventative measures are lacking or need reevaluation
  • Can point out the importance of contingency planning to get staff and management on board
  • Will assist in documenting interdependencies and point out single points of failure

An effective risk management process is an important component of a company’s MIS department. The principal goal is to protect a company and its ability to perform its mission, not just its IT assets. Therefore, the risk management process should not be treated primarily as a technical function carried out by IT, but as an essential management function of the organization.

Risk is the net negative impact of the exercise of a vulnerability, considering both the probability and the impact of occurrence. Risk management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level. This assessment provides a foundation for the development of an effective risk management program, containing both the definitions and the practical guidance necessary for assessing and mitigating risks identified within IT systems. The ultimate goal is to help a company better manage IT-related mission risks.

Issues Facing CIOs Today

What issues are you addressing today in your organization? Is it a blend of business, strategic, leadership, and technology?

Here is my list (in no particular order) of issues facing CIOs today:

  1. Securing of sensitive data
  2. Compliance and information risk management
  3. Increasing regulatory oversight
  4. Willingness to share information and adopt best practices across the organization locally and globally
  5. Enterprise resilience to guard against disruptions
  6. Fully integrating applications and software across the enterprise while lessening the overall maintenance and upkeep
  7. Cost-effective IT operations and compelling ROIs for tech investments
  8. Effective governance practice
  9. IT/Business alignment
  10. Green Computing
  11. Budget reductions
  12. Off-shoring/on-shoring/re-shoring
  13. Cloud Computing
  14. Social Media
  15. Staff hiring and retention

Being aware of challenges and issues is important for any successful CIO’s management strategy. Any list of issues or top priorities facing CIOs is open to debate. However, having the debate is important because it brings the issues out into the open. What’s most important is that CIOs do not fall into a reactionary mode of operation and management. Doing so is easy, especially during times of economic distress: it is easy to react to issues rather than to plan and execute.

What issues are you facing today? Let us know and continue the debate.

Further Reading:

Global CIO: The Top 10 CIO Issues For 2009 by Bob Evans

Top Issues for CIO’s by Eric D. Brown

The Top Business Issues facing CIOs / IT Directors by Peter Thomas