It’s time to have “the talk.” Yes, there comes a time in every CFO’s career when he must approach the IT department and have that discussion on risk management. George Westerman of HBR Blog Network wants to help you prepare for this day by reminding us that “IT Risk” doesn’t have to be a dirty phrase. In fact, the conversation doesn’t have to be difficult at all. Business can define IT risks as falling into four different categories:
Out of the four, the IT department tends to put the most emphasis on availability and access. They want to keep things running smoothly and recover from failures quickly. They also want to keep hackers and other prying eyes away from information they shouldn’t see. However, when it comes to ensuring all the information is accurate and the business processes can be changed with agility, IT isn’t as concerned.
Business and IT may put the risk emphasis in different areas, but that doesn’t mean they can’t have an open discussion. In fact, the sooner it’s done the better. If you can make IT understand the importance of all four points, it lessens risks in the future and promotes a stronger relationship between the two departments.