How CIOs Can Defend Their Company from Risk

The CIO is responsible for protecting the whole company against risk. Sound surprising? It shouldn’t. With the expansion of information technology into all areas of business, the CIO not only has the role of innovator, but now also protector. So how can you, as a CIO, create plans and processes that not only assure your own department is secure, but also the company as a whole?

This is the very question that Dr. Jim Anderson asks (and answers) in this blog post. He begins by listing the three types of general risks (preventable risks, strategic risks, and external risks), and then the three ways of managing risks.

Independent Eyes, Facilitators, and Embedded Teams

The first way to manage risks is to set up an “independent group of experts” who act as devil’s advocates and challenge all assumptions held by the project team. These are the people who will push your project teams into thinking outside of their normal bounds and see risks that perhaps they hadn’t even considered before.

The next technique? Facilitators:

The next approach is to use facilitators to identify risks that might not normally be visible. In many IT departments there are multiple projects going on and many different existing functions. The end result of implementing multiple new projects may have an adverse impact on the IT department; however, none of the project teams will be able to determine this because they can only see their individual projects. The role of the facilitators is to gather information from all ongoing projects and evaluate if they will be introducing risk into the IT department.

The final approach is to embed the people who are identifying and dealing with those risks into the project team itself. By working side-by-side, the team that is working can ask questions immediately and get answers immediately, as well.