A risk management strategy is essential to every business, not only to protect sensitive customer information, but also to minimize the effects of risk on the organization's capital and earnings. And while risk management is a vital component of an overall business strategy, prioritizing risk can often be a difficult task.
As a result, there are many questions that need to be answered when implementing a risk management policy. What are the must-have elements of a risk management strategy? Is enterprise resource planning right for you? What risks should you consider when choosing a vendor? Learn how to develop an effective risk management strategy for better business performance results and successful alignment of risk initiatives with compliance standards, in this CIO guide.
This guide is part of SearchCIO-Midmarket.com's Midmarket CIO Briefings series, which is designed to give IT leaders strategic management and decision-making advice on timely topics. For a complete list of topics covered to date, visit the Midmarket CIO Briefings section.
- Keys to an effective risk management strategy
- Vendor selection tips
- Is an enterprise resource planning system right for your organization?
- Risk management and compliance
- More resources
Keys to an effective risk management strategy
When people associate the word risk with IT, the first thing that often comes to mind is some Third World hacker breaking into the corporate network to steal sensitive customer information for resale on the black market. Or they envision a lost or stolen laptop containing millions of transaction records, credit card numbers and so forth. After all, these kinds of events, when they occur, are often big news and are highly visible.
These two examples are only a small part of what should be mitigated through the use of a comprehensive risk management strategy. However, just like any other business initiative, a risk management strategy has to be a business priority, and it's entirely possible -- and even likely, in some cases -- that some organizations will pick and choose which components to include in an overall risk management plan, and may intentionally ignore or choose to postpone specific pieces.
Regardless of the organization, taking good backups must be a universal part of an overall risk management strategy, although the exact method may vary.
Learn more in "Backup quality testing key to risk management strategy." Also:
- From IT risk management to IT business risk management in five steps
Recent surveys have found that the primary driver of IT risk management is improved business performance. Follow these five steps for better business performance.
- Risk management and agile principles in cloud computing
To maintain regulatory compliance in adopting cloud computing, apply risk management and agile development principles.
Vendor selection tips
One of the most challenging issues IT managers face is vendor selection. Vendors can range from consulting partners and hardware providers to software manufacturers and service organizations. Partnering with a vendor is often the right idea for small to medium-sized organizations, which tend to lack the in-house expertise required for point projects and the resources to form staffs focused on specific technologies. However, choosing the right vendor is crucial, since the decisions it makes will often affect your organization in the long term.
In the end, only time will tell if your partnership will work properly, but a standard and strict vendor selection process should reduce the potential for error.
Find out how in "Five vendor selection tips for midmarket CIOs." Also:
- Vendor contract management key to cutting costs through renegotiation
Enterprises are finding ways to use vendor contract management as a means to cut costs by renegotiating contracts down to the maintenance-clause and business-unit levels.
- Seven tips for cutting vendor maintenance on business applications
CIOs are cutting vendor maintenance contracts in the face of tight budgets. Locking down your apps before going off maintenance is key. Here are seven steps to take.
Is an enterprise resource planning system right for your organization?
An enterprise resource planning (ERP) system can be a good way to organize and manage the internal and external resources that keep your business humming. An ERP system can also be a complex addition to your organization, and midmarket businesses in particular must decide whether they are ready to capture and leverage efficiencies enabled by an ERP implementation vis-à-vis the expenditure of capital and effort.
ERP's ultimate goal -- its delivery -- is to unify the enterprise's common purpose, assets and information. It provides an overarching system of control and facilitates sharing to eliminate redundancies.
Learn more in "Assessing the need for an enterprise resource planning system." Also:
- Outsourcing trends: Waiting on cloud, CIOs eye two-tier ERP model
As CIOs wait for public-cloud offerings to mature, they look to offshore providers for services that confer competitive advantage. First up: a two-tier ERP or hub-and-spoke model.
- As ERP system implementation goes live, ERP benefits start accruing
In this case study of Peet's Coffee's ERP system implementation, the CIO decides between a big bang or phased go-live and begins accruing ERP benefits.
Risk management and compliance
Almost any business activity involves risk. Acceptance of risk in concert with a structured risk management approach suggests that shrewd business leaders want to focus on a risk-based way to approach things. This doesn't mean avoiding risk -- it means using a process that helps identify and minimize risk, while allowing the firm to focus on its core competencies. This is where compliance plays an important role.
While the ISO 31000 standard is only a year old, it's already accepted as one of the primary strategies for risk management. Other notable risk management standards, such as the National Institute of Standards and Technology's SP 800-30, should also be considered when developing a risk management program.
Find out more in "How compliance with ISO 31000 supports risk management initiatives." Also:
- Using metrics to enhance information risk management
Risk management metrics can dramatically improve your information risk management and compliance initiatives. But regulatory compliance officers have to take the initiative.
- Are you in compliance with the ISO 31000 risk management standard?
The ISO 31000 risk management standard is becoming an important development tool for shaping existing and new programs. Learn if your programs are in compliance with the standard.
More resources
- Risk management for the midmarket (SearchCIO-Midmarket.com resource center)
- Enterprise risk management (SearchCIO.com resource center)