There are lots of valid reasons for why technology projects fail. Norman Marks believes a major reason for it is that a disciplined approach to buying software is not being followed. This lies in a failure to identify requirements.
Where Do Your Duties Lie?
Periodic reviews of top risks are not adequate to manage risk across the enterprise. Rather, a risk program must be enabling managers to spot and make decisions around risks on a daily basis. This requires a combination of the perspective of risk officers and management. The management especially must develop a vision of risk as it applies to individual objectives and strategies. Progress should be measured against these items only.
Marks asks a series of biting questions that pick holes into inadequate risk management solutions:
Where are the risk monitoring tools that automate the updating of risk levels as they and the business change?…Where are the reports, dashboards and other tools that let a manager review progress against strategies and objectives with a combined view of both performance and risk?
When it comes to reporting, how do these tools enable management by exception, telling executives what they need to know when they need to know, in a concise and easily consumable form, so they can ensure they are taking the right risks as they manage and direct the organization?
Marks also wants to push GRC solutions off into a corner, which he believes are not up to the task of things like monitoring governance risks. It takes human know-how and analytics together to keep the most accurate and current list of risks. Once there is a full understanding of how risk management is used to let decision-makers select the best path, you can finally start the process of deciding how technology might help you. You can read Marks’ full article here: http://www.cmswire.com/cms/information-management/why-risk-management-technology-projects-fail-026691.php