<img alt="dcsimg" id="dcsimg" width="1" height="1" src="//www.qsstats.com/dcs8krshw00000cpvecvkz0uc_4g4q/njs.gif?dcsuri=/index.php/c/a/IT-Management/Strategy-Execution-for-Risk-Management-264383/1&amp;WT.js=No&amp;WT.tv=10.4.1&amp;dcssip=www.baselinemag.com&amp;WT.qs_dlk=XTR@ckEQpIkZsaR13n@ubAAAAAI&amp;">

The Faces of Risk

By Faisal Hoque  |  Posted 2009-05-05 Print this article Print

Risk management and IT continuity are complex and critical disciplines.

In this environment where business technology is pervasive, what is the nature of risk? Risks are classified into three broad categories: systems, sourcing and strategy, based on where they originate. Some risks are predominantly intra-enterprise in nature, such as systems and strategy, while others, notably sourcing, reflect the challenges that arise in inter-organizational settings. Note that although these categories are somewhat overlapping and not mutually exclusive, they nonetheless provide a conceptually simple framework that can be populated through conversations and interactions among executives from both technology and business. 

Effectively managing project risk requires that a structured process and organizational responsibilities be implemented at both the project and program levels. A formal risk management plan should be developed to clarify risk management roles and responsibilities; risk management processes, procedures, standards, training and tools; the method and frequency of risk progress reporting; and what should be monitored to determine if risks are occurring. A project should attempt to manage only the risks it can handle. Other risks should be elevated to the program level. Determination of whether to elevate should be made based on examination of whether the mitigation action steps are within the control of the project team.

Managing risk at a program level involves a review of project risks and program risks by an Enterprise Program Management Office (EPMO). The EPMO should analyze project risk across the entire program to see if the same risk occurs in different projects and requires concerted action.

The EPMO should document the inventory of risks, their assessment and mitigation plans in a database. If after analyzing program risk the overall program risk level is deemed to be higher than originally documented in the cost/benefit plan (i.e., the business case), then the business case should be updated--reflecting the adjustment in the range of costs and/or benefits or a lower confidence measure. It is important that the EPMO collaborate with an Enterprise Risk Management (ERM) Group to ensure that the business impacts of project-related risks are well understood, and that a periodic evaluation can be made concerning the impact of other enterprise risks on the project.

Faisal Hoque, Founder, Chairman and CEO, BTM Corporation Faisal Hoque is the Founder, Chairman and CEO of the Business Technology Management Corporation. BTM Corporation innovates new business models, enhances financial performance, and improves operational efficiency at leading global corporations, government agencies, and social businesses by converging business and technology with its unique products and intellectual property (IP). A former senior executive at General Electric (GE) and other multi-nationals, Mr. Hoque is an internationally known, visionary entrepreneur and award winning thought leader. He conceived and developed Business Technology Management (BTM) to direct the social and economic growth of organizations by converging business and technology, helping transform them into "whole-brained enterprises." He is the author of "The Alignment Effect," "Winning the 3-Legged Race," and "Sustained Innovation," among other publications.
eWeek eWeek

Have the latest technology news and resources emailed to you everyday.