alfabetConnect

The Risk Risk

"We don't know what we don't know". Sound familiar? No, not from a certain Secretary of Defense but from someone in your IT organization? Considering the complexity of most IT landscapes, this would have to be one of the first true confessions of staff responsible for IT risk. That is unless the IT organization has managed to tame the beast of complexity by establishing structure through portfolios, transparency by understanding the interrelatedness of those portfolios and a risk management approach that builds on those interrelated portfolios.

Most IT organizations have naturally grouped the many diverse IT elements into portfolios for the purpose of manageability - application portfolios, technology portfolios, strategy portfolios, project portfolios - with these again grouped into sub-portfolios along aspects such as business function, domain, ownership, technical platform, etc. Ideally the grouping follows a goal associated with a business value or purpose and the metrics used to assess that portfolio are based on that goal. Risk metrics assess potential obstacles to reaching that goal.

Actualized risk pertaining to one portfolio can certainly result in significant loss but if we consider the interrelatedness of the various portfolios (and because of this interrelatedness we are actually talking about ONE portfolio - the IT portfolio), loss can be severe.

"Beyond the scope of the individual initiative, risk at the whole/partial portfolio level matters to the organization's governing executives. Many times, initiatives depend upon other initiatives for action, for delivery and for input. Failure of process, work, vision or decision taking in one initiative can lead to cascading failure across a group of initiatives. This can explode the level of loss from that which might have been contained, to something devastating." Portfolios and Risks: Where to Start? Michael Hanford, Gartner, August 16, 2011.

Few products on the market can provide the holistic view of the IT portfolio - across and between the various IT disciplines. Even fewer can provide detailed data on the risk associated with individual IT objects AND the ability to aggregate data up to the level needed to assess the risk one portfolio poses on another. Manual processes often mean days or weeks until risk exposure can be demonstrated. planningIT can. Its charter to help companies transform their IT to maximize business effectiveness includes an IT Risk Management that is intrinsic to the IT planning process. This enhances decision-making capabilities by enabling companies to be more confident in the decisions they have to make and thus be more proactive and agile.

So here at alfabet "We don't know what we don't know." is tabu as well as another quote from that illustrious statesman: ""Learn to say 'I don't know.' If used when appropriate, it will be often." There is just no reason for it with planningIT.

Back to newsletter