According to Greek and Roman myth, the great—and ostensibly indestructible—warrior Achilles was slain by an arrow to his heel—his one vulnerable spot. Today, technology risk may represent a comparable area of weakness for companies. The news is full of stories about a seemingly secure company suffering from a security breach or other technology failure, damaging both its reputation and bottom line.
While CIOs may face a greater set of risks than ever before, there is also a greater opportunity in store for those ready to seize it.
In the current high-risk environment—with an ever growing dependency on technology—CIOs and IT professionals everywhere find themselves in a unique position: To play a leading role in helping the organization develop greater risk management capabilities.
Savvy CIOs are already outlining their plans to elevate the IT department’s risk practices, hone business continuity plans and harness the power of IT across the organization to attain a higher level of risk management. After all, CIOs have essential knowledge and skills to help coordinate and align IT priorities and processes with risk management needs.
How does such a transformation begin? By considering risks intelligently and embracing a broader view of risk—one that encompasses strategic issues facing the company as a whole rather than just those that impact the IT operation. To advance to a higher-level of risk management—to become what we call “risk intelligent”—CIOs must cultivate a greater understanding of risk and the role that IT can play in supporting more coordinated risk management efforts.
Companies that take steps to anticipate and prepare for risks and major business disruptions before an event takes place will have an easier and faster recovery, as well as competitive advantage in the marketplace. And IT professionals who facilitate this may also gain an advantage—in climbing the career ladder.
Embracing Risk
Understanding risk and its many forms, beyond IT risks, can help companies and CIOs better prepare and respond to disaster as well as opportunity. While risk is often associated with the misfortunes brought on by hurricanes, tornadoes or fraud, risk can also translate into opportunity, success and reward brought about by proactive, intelligent risk-taking. Companies that recognize different types of risk will be on their way to adopting the principles of risk intelligence.
Here are sole key considerations for developing risk intelligence:
Risk-Taking for Value Creation
Risk intelligent enterprises operate under a philosophy that encompasses not only risk mitigation, but also risk-taking as a means to value creation. Firms that focus only on protection of assets and risk avoidance may survive, but are less likely to prosper. Risk-taking for reward can assume many forms, as in launching new products, entering new markets or acquiring new businesses. Higher returns come at the price of higher risk. As an example, a number of organizations rely on a merger & acquisition (M&A) as a growth strategy. Information and technology risk management must be thoroughly considered in the pre- and post-integration due diligence efforts in order to effectively account for a number of risk areas, including legal, regulatory, contract and compliance requirements, as well as technology integration and system consolidation requirements. These risk areas, if left unaddressed, can adversely affect the overall M&A strategy and desired value creation. By developing well-designed IT strategies and strong technical capabilities, the risk intelligent CIO can help the organization create strategic flexibility—so organizations can withstand disaster and capitalize on new market opportunities.
