Gartner: Businesses must manage IT risks

Gartner: Businesses must manage IT risks

Summary: The analyst firm says that businesses that fail to manage IT risks 'are falling behind and getting eaten'

SHARE:
TOPICS: Networking
0

Businesses must recognise that failing to handle IT risks puts them at a competitive disadvantage, according to analyst firm Gartner.

While IT has become increasingly central to business success, many businesses have not adjusted their processes for IT decision making and risk management, Gartner says.

Analyst Richard Hunter said that failure to properly take account of, and plan for, IT risks can affect business agility. "Managements that do understand IT risks are pulling ahead, while those that don't are falling behind and getting eaten," said Hunter. "Uncontrolled IT risk dampens an organisation's ability to compete."

Hunter said that businesses that tailor business processes to take account of IT risks find they are better able to integrate systems, for example, after an acquisition, and are more capable of divesting themselves of companies they wish to sell.

"IT risk has changed," said Hunter, who was speaking at Gartner's IT Security Summit in London on Monday. "IT risk incidents harm constituencies within and outside companies. [Incidents] damage corporate reputations and expose weaknesses in companies' management teams."

IT managers must convey the consequences of IT risks to the business, said Hunter. "It's not simply a case of saying: 'There's a risk that the server might go down.' You have to look beyond to say what that server supports in the business — that, if it goes down, you'll lose $50m in the first week, and be out of business in three weeks."

According to the analyst, a company must ask itself whether its IT systems and business processes will continue running in the event of technology failure, and whether the systems will recover from interruptions. Companies should also ask whether the right people have access to the data they need to do their jobs, and whether the wrong people are blocked from accessing that data.

"Can the company's IT systems be relied on to provide correct, timely, and complete information that meets the requirements of management, staff, customers, suppliers and regulators?" asked Hunter. "And do the organisation's IT systems possess the capability to change if the company acquires another firm, completes a major business-process redesign, or launches a new product or service?"

Read this

Feature

Feature: Ten secrets about working in IT

There are certain quiet truths held by veterans of the tech industry that may come as a surprise to anyone preparing to embark on an IT career...

Read more

The analyst said that a company needs a solid foundation of IT assets, people, and supporting processes and controls that enable executives to manage the right risks in the right order; a risk governance structure and process that integrates IT risk management into every business decision to identify, prioritise and track risks; and a risk-aware culture, nurtured from the top, that attunes people to the causes and solutions for IT risks and that increases vigilance across the organisation.

Topic: Networking

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion