Mitigating Risk Requires Micro and Macro ViewsBy Faisal Hoque | Posted 2008-05-28 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
Being vigilant about business-technology risk can make all the difference in its ultimate value.
Business technology is fraught with risk. Successfully conceptualizing, implementing and deploying this technology to achieve operational excellence and strategic advantage can leave a firm vulnerable. Unless executives are vigilant about such risks and are willing to implement mitigation strategies, the ultimate value of business technology may be lost.
Risks can be classified into three broad categories: systems, sourcing and strategy. Some risks, such as systems and strategy, are predominantly intra-enterprise; others, notably sourcing, reflect inter-organizational challenges.
Following is an executive agenda for managing business-technology risk.
Step 1: Build strong partnerships between technology and users at operational, tactical and strategic levels. Provide forums for frequent interaction to raise levels of trust and understanding. Strong partnerships serve multiple risk-mitigation objectives: They promote user involvement, permit requirements to be defined in an amicable and cooperative climate, ensure that business-technology investments are aligned with business priorities and goals, and facilitate user ownership of projects.
Step 2: Educate executives, managers and other knowledge workers about the unique environment and challenges of business technology. In many enterprises, users have only a limited understanding of the complex technologies underlying information systems applications, as well as the effort required to implement complex systems.
As a result, expectations are not consistent with reality, leading to an expectation-fulfillment gap and overall dissatisfaction with the technology organization. An improved understanding of what it takes to extract value from business technology will contribute significantly to an improved technology-business relationship, thereby reducing the overall implementation risk.
Step 3: Craft a comprehensive sourcing strategy that articulates the desired mix of insourcing, domestic outsourcing and offshoring. Too often, sourcing decisions are made in an ad hoc fashion without a systemic view of the overall goals of the technology organization and the level of long-term capability necessary to meet strategic objectives.
Time and significant firm-specific learning are needed to ramp up a technology organization. An IT group that is too lean and highly outsourced may inhibit the development of strategic applications that are proprietary in nature and therefore cannot be outsourced. But an IT organization that’s too large is unlikely to deliver desired business value in the form of cost economy.
Step 4: Nurture vendor management capabilities and develop vendor management expertise that includes knowledge about location constraints, vendor performance and vendor abilities. Such capabilities will facilitate vendor selection and mitigate the multiple risks associated with both domestic and offshore outsourcing. Using pilot projects related to applications that are not mission-critical is an effective low-risk mechanism for learning about the strengths and weaknesses of offshore locations.
Step 5: Instill an investment management culture and imbue the technology organization with investment-management expertise. As with any skilled activity, business-technology investment management is both a science and an art, and must be formally learned and practiced on the job.
Poor investment management is one of the most significant risks technology organizations face. In fact, it can differentiate firms that can exploit technology for business value from those that can’t.
Step 6: Develop and institute a metrics program for articulating risk management and control objectives, and for monitoring progress against these objectives. Any business-technology management or development activity can be evaluated against information criteria such as effectiveness, efficiency, confidentiality, integrity, availability, compliance and reliability. Setting appropriate targets for these criteria—targets that are widely understood and agreed upon—will ensure that the efforts of all stakeholders are collectively geared toward managing risk.
FAISAL HOQUE is chairman and CEO of BTM Corp. BTM innovates new business models and enhances financial performance by converging business and technology with its unique products and intellectual property. © BTM Corporation