
CIO guide to creating a midmarket risk management strategy

Learn how to develop a risk management strategy in this CIO guide, with tips that can help you boost business performance, prioritize risk and meet regulatory requirements.

A risk management strategy is essential to every business, not only to protect sensitive customer information, but also to minimize the effects of risk on the organization's capital and earnings. And while risk management is a vital component of an overall business strategy, prioritizing risk can often be a difficult task.

As a result, there are many questions that need to be answered when implementing a risk management policy. What are the must-have elements of a risk management strategy? Is enterprise resource planning right for you? What risks should you consider when choosing a vendor? Learn how to develop an effective risk management strategy for better business performance results and successful alignment of risk initiatives with compliance standards, in this CIO guide.

This guide is part of SearchCIO-Midmarket.com's Midmarket CIO Briefings series, which is designed to give IT leaders strategic management and decision-making advice on timely topics. For a complete list of topics covered to date, visit the Midmarket CIO Briefings section.

  Keys to an effective risk management strategy

When people associate the word risk with IT, the first thing that often comes to mind is some Third World hacker breaking into the corporate network to steal sensitive customer information for resale on the black market. Or they envision a lost or stolen laptop containing millions of transaction records, credit card numbers and so forth. After all, these kinds of events, when they occur, are often big news and are highly visible.

These two examples are only a small part of what should be mitigated through the use of a comprehensive risk management strategy. However, just like any other business initiative, a risk management strategy has to be a business priority, and it's entirely possible -- and even likely, in some cases -- that some organizations will pick and choose which components to include in an overall risk management plan, and may intentionally ignore or choose to postpone specific pieces.

Regardless of the organization, taking good backups must be a universal part of an overall risk management strategy, although the exact method may vary.

Learn more in "Backup quality testing key to risk management strategy."

  Vendor selection tips

One of the most challenging issues IT managers face is vendor selection. Vendors can range from consulting partners and hardware providers to software manufacturers and service organizations. Partnering with a vendor is often the right idea for small to medium-sized organizations, which tend to lack the in-house expertise required for point projects and the resources to form staffs focused on specific technologies. However, choosing the right vendor is crucial, since the decisions it makes will often affect your organization in the long term.

In the end, only time will tell if your partnership will work properly, but a standard and strict vendor selection process should reduce the potential for error.

Find out how in "Five vendor selection tips for midmarket CIOs."

  Is an enterprise resource planning system right for your organization?

An enterprise resource planning (ERP) system can be a good way to organize and manage the internal and external resources that keep your business humming. An ERP system can also be a complex addition to your organization, and midmarket businesses in particular must decide whether they are ready to capture and leverage efficiencies enabled by an ERP implementation vis-à-vis the expenditure of capital and effort.

ERP's ultimate goal -- its delivery -- is to unify the enterprise's common purpose, assets and information. It provides an overarching system of control and facilitates sharing to eliminate redundancies.

Learn more in "Assessing the need for an enterprise resource planning system." Also:

  • Outsourcing trends: Waiting on cloud, CIOs eye two-tier ERP model
    As CIOs wait for public-cloud offerings to mature, they look to offshore providers for services that confer competitive advantage. First up: a two-tier ERP or hub-and-spoke model.
  • As ERP system implementation goes live, ERP benefits start accruing
    In this case study of Peet's Coffee's ERP system implementation, the CIO decides between a big bang or phased go-live and begins accruing ERP benefits.

  Risk management and compliance

Almost any business activity involves risk. Acceptance of risk in concert with a structured risk management approach suggests that shrewd business leaders want to focus on a risk-based way to approach things. This doesn't mean avoiding risk -- it means using a process that helps identify and minimize risk, while allowing the firm to focus on its core competencies. This is where compliance plays an important role.

While the ISO 31000 standard is only a year old, it's already accepted as one of the primary strategies for risk management. Other notable risk management standards, such as the National Institute of Standards and Technology's SP 800-30, should also be considered when developing a risk management program.

Find out more in "How compliance with ISO 31000 supports risk management initiatives."
