With 15 years in business dealing with IT leadership, Bjorn Ovar Johansson finds that operational risk mitigation is one of the most underrated elements in fostering a healthy business. He writes for CIO UK with a practical approach to mitigating risks in IT and abroad. A reckoning is coming, and risks are about to get zapped.
Risks at Risk
To define it, operational risk is “the risk of monetary losses as a result of faults and errors in process, technology or skills or due to external factors.” Johansson offers several methods for addressing it. These include identification of risk areas, compilation and assessment of current risks, the introduction of a risk management model with tools and governance, and finally ongoing risk mitigation as part of regular operations. Executive management and IT must come together to work out over time exactly where risks reside and how serious a threat they pose.
According to Johansson, there are two areas where risk management is most pressing. The first is risks pertaining to major transformations or the total project portfolio, otherwise known as change management. The second is risks regarding management and control of the IT function and IT delivery. These areas either represent the most common assortment of risks or pose the greatest financial threat if not properly addressed. On IT delivery and reliability, Johansson writes:
What can CIOs do in order to avoid major business disruptions due to IT glitches? Properly introduced ITIL, ISO certifications and so forth are helpful. Bottom line though, it is about investigating all relevant areas from server rooms, hardware, networks, power supply, Business Disaster Recovery planning, configuration and change management and so forth. It can be helpful to look at the history of IT disturbances and to understand, not only frequency and severity, but what the organisation has done to make sure the root cause was resolved.
You can go even further with your business analysis. See to it that IT has a documented, approved, and circulated strategy that aligns with market opportunities. Likewise, do not let too much IT firefighting get in the way of good processes, and especially do not let your processes get rusty.
The full article delves into even more topics, touching upon how to stop operational risk pertaining to, among other things, financial processes and security. You can read it here: http://www.cio.co.uk/insight/strategy/mitigating-operational-risks-advice-for-cios-3598840/?otc=103