IT becomes an increasingly important component of operational risk management.
December 13, 2007
As a matter of course, businesses have to manage operational risks in a variety of areas, including internal and external fraud, worker discrimination, employee health and safety, product defects, terrorism, natural disasters and power failures.
With the growing reliance on technology to support many business processes, IT is becoming an increasingly important part of the risk management strategy. The operational risks that involve some aspect of IT include theft or damage of information, failure to comply with federal regulations, software and hardware failures, network outages, data entry errors and lack of adequate data backup.
As technology continues to factor into so many aspects of business operations, CIOs and other high-level technology executives will likely play a greater role in their organization's risk management planning and execution, experts say.
One of the key drivers of IT's increased involvement in risk management is the growing use of mobile technology, says Ruben Melendez, president and CEO of Glomark-Governan, a consulting firm that helps organizations forecast and track the value of technology investments.
Organizations are realizing that mobility—for example, providing users with laptops and PDAs/smart phones, and with applications that can be accessed from anywhere—has many business benefits, Melendez says. "However, there is a substantial increase in risk associated with mobility," he says. Examples include lost and stolen assets and the associated costs, and loss of personal information including highly confidential data such as Social Security numbers, employees' records, and critical business information that might not be properly backed up.
"While the actual cost of replacing both personal and business information remains very high, the social and legal impacts of losing personal information can result in lawsuits against the company and an overall tarnished image," Melendez says.
Also driving IT's involvement in risk management is the growing reliance on systems to support facilities management. "Utilities such as electricity and gas, which are critical in running business processes, have now become more dependent on IT software," Melendez says. "If an IT system is down, even for a few minutes, it causes a tremendous ripple effect, leaving many business processes inoperative." In some industries, such a failure can result in catastrophic errors and losses for the company, he says.
CIOs are getting more involved in risk management, in some industries more than others, Melendez says. He says a senior IT manager at one of the largest banks in the U.S. recently told Glomark-Governan that he had attended an IT management conference for banking industry IT executives at which, he estimated, about 80 percent of the discussions and presentations were about IT risk.
Glomark-Governan analysts have found that the cost of risk management in the 1990s was about 6 percent of the total cost of opportunity of an IT asset. That percentage has increased to nearly 14 percent today, Melendez says.
IT executives are spending more time in risk management to ensure that technology investments that create risk, such as mobile devices, are managed properly to mitigate the risk. They're also adapting their IT organizations to better manage risk and search for tools and processes that reduce risk, Melendez says. And they're making certain that business unit directors and executives fully understand both IT and business-area strategic goals to collaboratively manage and mitigate risks.