In response to recent incidents, such as the sub-prime crisis in the US and internet disruption to businesses in Asia, the Middle East and North Africa caused by damaged undersea cables, industry experts are calling for organisations to take a cross-department approach to risk management and business continuity strategies.
Datamonitor highlighted the importance of an enterprise-wide approach to risk management in a report by analyst Damian Shaw-Williams. Based on the operational failure in the US housing market that led to the current sub-prime crisis, the report argued against the “silo approach” to risk management that predominates among firms.
This silo approach leaves departments unable to speak the same language, resulting in a lack of knowledge and transparency in an organisation. This, in turn, leads to greater operational risk, such as losses resulting from failed internal processes and systems, according to Datamonitor.
To prevent enterprise risk of this kind, budget needs to be reallocated from external market risk to operational risk, Shaw-Williams advised, adding that the broad area that operational risk encompasses makes it difficult to manage. For this reason, Shaw-Williams recommended that organisations undertake operational risk management through an incremental approach.
Organisations need to foster relationships between IT chiefs and risk officers, as more regulation, such as the Markets in Financial Instruments Directive, becomes IT-driven, Shaw-Williams added.
Security vendor Symantec’s latest IT risk management report also called on firms to take an enterprise-wide approach to the issue. IT Risk Management Report 2: Myths and Realities puts more emphasis on availability and performance risk, rather than security and compliance risk, which dominated last year’s report.
According to Symantec, availability risk concerns information or applications made inaccessible by process, people or systems failures, or natural disasters, while performance risk applies to underperforming systems, applications or staff that will affect business productivity or value.
Symantec carried out a survey of 400 IT professionals and found that availability risk was considered the most serious risk, ahead of security and compliance risk.
The threat of availability risk “is often equivalent to business availability. In a connected world of global supply chains and collaboration networks, availability failures in one business cascade directly into others,” the report noted.
One example is the cables that recently snapped under the Mediterranean, affecting India’s call centres and IT companies providing outsourcing services, among others. Gartner analyst Roberta Witty highlighted the importance of contingency plans. “The problem is, people don’t follow through [on risk investments] because they think it will not happen. They consider it too expensive,” she said.
Witty advised organisations to consider virtualisation technology as useful for risk management strategies, because it decreases the amount of recovery equipment needed in the event of disaster.







