Any effectively developed strategic plan must involve consideration and management of risks. According to this research report by EMA (http://www.enterprisemanagement.com), appreciation for the value of IT risk management is increasing. What I find generally lacking is the integration of risk and compliance objectives and initiatives with value creation initiatives to form a cohesive strategic plan.
Today, new approaches to risk management are delivering strategic corporate benefits by tying once disparate IT initiatives into a more unified and integrated program that helps organizations achieve business objectives. These initiatives play a critical role in shaping an IT governance strategy, enabling the business to define governance priorities and to measure and prioritize enterprise IT risk management more effectively.
In the study, "Governance, Risk, Compliance and Beyond: The Emergence of Strategic IT Risk Management," EMA explores how the convergence of IT domains ranging from performance, availability, configuration and change management to business risk, trust and security controls is defining an entirely new class of solutions. These new approaches are providing critical insights needed to develop a comprehensive operational risk management strategy -- where business goals are aligned with IT.
"Today's enterprise faces a daunting range of IT risks -- from security, business malfeasance and insider threats to business-critical IT service availability, performance and integrity issues. Regulatory requirements intended to curb these risks have also driven the pursuit of more effective IT governance. IT risk management has become the lynchpin of all these demands," said Crawford. "Putting a strategic IT risk management program into place can provide substantial benefits for the enterprise, not only in controlling threats to critical IT services, but also in giving the business a stronger competitive edge through more effective technology discipline."
"The concept of a 'strategic' approach brings coherence to the enterprise. IT risk management is no longer limited to one technology or meant to meet a single regulatory mandate," continued Crawford. "It seeks to unify and integrate siloed approaches to managing security, business, technology and trust risks -- aligning them with strategic business objectives to enable the enterprise to consistently manage and measure their control."