4 steps for CIOs
There are four steps CIOs can take to help mitigate the risks in an evolving technology environment:
- Understand the risks. As the pace of technology change accelerates, a new set of risks emerges. In addition to external threats, IT functions face evolving internal threats and potential misuse as they attempt to blend the use of new technologies within their IT infrastructure.
- Identify the risks. The complex factors that drive uncertainty and risk need to be effectively adapted to the design and implementation of governance, processes, controls and tools. As the degree of IT project complexity increases, the risk of failure or of not meeting the IT project objectives also increases.
- Mitigate the risks. A comprehensive risk management strategy is key to mitigating risks. Once risk factors have been identified, they can be managed throughout all stages of the evolution. The probability and impact of each risk need to be evaluated, highlighting the highest risks, as well as sequencing the remediation. It is important to note that not all of the risk management strategies will be technical in nature. Some will involve policy changes and increases in awareness training. IT functions should plan for 90% of the risks, understanding that 10% of the risks will be in constant flux.
- Evolve risk management and controls processes. Additional lines of defense are also key in ensuring IT program success. Elements include:
  - Appointing experienced and dedicated risk managers
  - Creating a risk committee that is tasked with managing and monitoring the end-to-end risk program
  - Enhancing the role of internal audit
  - Leveraging external risk experts to complement or extend knowledge beyond the experiences within your organization