Enterprise risk management strategies guide for CIOs

Risk management is critical for enterprises embarking on new IT projects and plans. Take a look at these resources for insights and advice on risk management.

Risk management is critical for enterprises embarking on new IT projects and plans. There's the risk of offshore

outsourcing -- how do you ensure your data is safe in the hands of a worker in another country? There are also risks in managing compliance efforts. These include closing down your company or losing your position if the job isn't done correctly. How do CIOs calculate and manage risk? Take a look at the enterprise risk management strategies in this CIO Briefing for insight and advice on this important topic.

This guide is part of SearchCIO.com's CIO Briefings series, which is designed to give IT leaders strategic guidance and advice that addresses the management and decision-making aspects of timely topics. For a complete list of the topics covered to date, visit the CIO Briefings section.

Table of contents

  Managing operational risk
  Table of Contents

The news headlines continue: systems failures, data breaches, project delays, troubled products, trading failures, money laundering through mobile networks. These are just some of the sinkholes in operational-risk land related to information technology. The question is, why? Why do they keep coming despite efforts to prevent them?

"Why can't I just get a single view of risk to the business, especially a particular business activity or process? What makes this so difficult?" an exasperated CIO asked me at an executive briefing held by a chapter of the ISACA IT security organization after I discussed IT-related business risk. "One bad business-IT decision killed our company!"

Analyzing IT-related risk in silos leaves gaps and frustrates business leaders. Responding to IT risk in silos increases cost, creates prioritization errors and unleashes other gremlins. Silos can lead to both fundamental errors (such as thinking that IT security equals IT risk management, or that IT compliance equals IT risk management) and more complex errors (such as missing the ways risks in a shared infrastructure affect business processes).

Learn more from contributor Brian Barnier in "All about the business: Critical insights on operational risk.” Also:

  Navigating social media risks
  Table of Contents

Developing corporate social media policies is an ongoing experiment akin to the struggle enterprises endured when the Internet and email were introduced as business tools. Enterprises should not assume, however, that the policies they developed over many years for Internet and email use are a perfect fit for social media.

"Companies are making a mistake when they say social media is the same as email and chat," said Julie E. LeMoine, a collaboration expert who recently codeveloped a large financial services firm's social media policies. "There's enough that is different about social media that you need to be blunt and state the [rules of behavior] again, even if they're the same words [used for older e-communications polices] -- which I doubt they will be."

For starters, e-discovery polices will change, given the free-for-all nature of social networking, according to Stew Sutton, principal scientist for knowledge management at The Aerospace Corp., a federally funded research and development center in El Segundo, Calif. His organization has no limits on email retention, but with "social conversations, wikis, blogs and tweet streams, the mass of data sitting out there becomes a problem," he said. The issues can make e-discovery "extremely costly."

Find out more in "Cost and content of social media policies vary widely by industry.” Also:

  Avoiding cloud computing risks
  Table of Contents

Following the recent downtime and data breaches at top-tier cloud service providers including Amazon Web Services LLC, Sony Corp. and Epsilon Data Management LLC, the risk deck has been shuffled at enterprises looking to move to hybrid cloud computing. Two risks that lurked in the middle of our top 10 list -- liability and identity management -- have floated to the top.

Once again, enterprise executives are talking about the need for cloud insurance, or at least a discussion about who is responsible when the cloud goes down. Presently, public clouds offer standardized service-level agreements, or SLAs, that offer remuneration for time -- but not for potential business -- lost during the downtime. Recent events could be opportunities for providers and CIOs to negotiate premium availability services, according to experts.

Learn more in "Cloud insurance and secure identity management alleviate SLA concerns.” Also:

  Overseeing technology risks
  Table of Contents

This is part of a SearchCIO.com Q&A with Wayne Mekjian, executive vice president and CIO of information services at Wells Fargo & Co., and Martin Davis, executive vice president and head of the company’s technology integration office, about the technology integration of Wells Fargo and Wachovia. In this interview, Mekjian and Davis share advice on avoiding integration pitfalls and explain how they created an “air space analysis” system and methodology to avert integration disasters. In “Wells Fargo and Wachovia: The technology integration of two giants,” Mekjian and Davis explained how they created a blended Wells Fargo/Wachovia technology model to begin converting 70 million banking customers while keeping service interruptions to a minimum.

The Wells Fargo and Wachovia merger creates a financial services organization with $1.3 trillion in assets and 280,000 employees. The technology integration encompasses 80 lines of business and 4,000 application bundles and involves more than a dozen CIOs, as well as integration leaders assigned to each line of business.

Read the interview in "A Wells Fargo roadmap to sidestep technology integration risks.” Also:

This was first published in September 2011

Dig deeper on Enterprise risk management

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

1 comment

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCompliance

SearchHealthIT

SearchCloudComputing

SearchMobileComputing

SearchDataCenter

Close