Real Business Magazine
Tags Risk Compliance Governance (GRC), Know-how, Strategy

The No-Nonsense Guide to IT risk

As an entrepreneur, you're a born risk-taker. After all, you took a chance just trying to make a go of the business. The question is: can you afford to take risks with your IT?

Some business risks simply aren’t worth taking – just look at Enron's accounting, BA's aircraft livery or even Coca-Cola's New Coke launch. Others are essential, sparking growth and innovative ideas – from the personal computer to the iPod.

The challenge is to pick the right risks and figure out how far to take them.

Whatever type of risk you’re thinking about – whether financial (eg Governance, Risk and Compliance, or GRC, in response to regulation like Sarbanes-Oxley, Basel II and MiFID), operational (eg Business Continuity Management, to help you expect the unexpected) or otherwise – you need to consider any risk and its potential impact on your business as a whole, rather than in silos, and then figure out how much risk your business can tolerate.

Once you know your "risk appetite", good management – whereby you eliminate, tolerate, diversify or transfer those risks – is fundamental to your company's long-term performance.

High tech

Like it or not, the IT you're using plays a major part in the risk quotient of your business. Chances are it touches every part of your business, from the PCs on every desk to the server storing your data, from the network connecting the business (both inside and out) to the software running your systems. So why do businesses consistently fail to take this into account?

It has a lot to do with the way businesses grow: lots of stop-and-start, impulse IT buys, based more on necessity (if not emergency) than strategy and with little thought for how it might all one day work together. Manual, paper-based systems often run alongside automated or IT-based ones – for example, invoicing and payment systems. And when problems arise, the time and money involved can be prohibitive.

To cut down on the cost of compliance and risk, manual or non-integrated systems will need to change. They need to work together and do so more efficiently than ever.

What's more, an integrated IT approach leads to improved business controls, which reduce the risk of significant failures. This means less time and effort fighting fires, less money needed in reserve "just in case" and more confidence among potential investors in your business.

Time to grow up

Of course, stringent government regulations have pushed risk to the top of the agenda in many boardrooms – pressure is definitely being felt by financial and insurance companies, for example. Today, managing all forms of content – documents (including emails and instant messages), corporate web materials, graphics and video – is vital in order to comply with requirements that relate to security, privacy, terrorism and governance.

Even without corporate governance requirements regarding risk management, most forward-looking businesses now know that a formal, comprehensive risk management programme is just good business. Markets are more dynamic, complex and uncertain than ever, while global opportunities and developments in technology could easily become threats.

The right IT can help you spot and respond to changes and threats – everything from money laundering to fraud and identity theft – intuitively.

When it comes down to it, the best way to manage risk is to devise an integrated enterprise risk management policy, taking a holistic (not just financial) approach. Integration offers lower cost and risk, with more immediate management information throughout the enterprise.

If in doubt, ask yourself these simple questions – your answers may come as a surprise:

  • Do you fully understand the risks to your business?
  • Do you know which risks are definitely worth taking and those to avoid, if your firm is to prosper?
  • Do you have a formal record of the key threats and opportunities in your business, including the actions in place to mitigate the risks and to exploit the opportunities? If you do, when was it last reviewed and how effective is it?

IN A NUTSHELL: Protect yourself

1. Business insight: Improve understanding of what information exists and where in support of requirements for governance, risk and compliance, aligning the business with IT processes and controls.

2. Risk analysis: Integrate risk analysis with business policies, including portfolio assessment, threat evaluation and risk determination.

3. Policies and procedures: Document risk management and compliance policies, with pre-defined response to risk and events, using clearly defined and compliant approval processes, in conjunction with auditors.

4. Security and controls: Implement security access and controls aligned with the ISO 27001 Information Security international standard, including policy support for privacy, retention and risk reduction through establishing tiered approval controls.
 
5. Demonstrate compliance: Demonstrate compliance to legal and corporate policy using approved checkpoints and change plans.

For more information, visit:
www-306.ibm.com/software/uk/govern
