IT risk management is a common thread running through IT investments, IT security, IT disaster recovery, and business continuity.
The big strategic issues are often aired or at least obvious (meaning you know they need to be aired). However, the devil is often in the details. The following “no-brainers” and apparent banalities can leave you blindsided in your IT risk management, which is never a good thing.
- End-user champions. Your brilliant IT plans and deliveries may come to nought if end-users stay aloof. If you have an end-user who can champion your solutions, your risk is that the person leaves.
- Bad communications. If IT projects, activities and instructions are not clearly communicated, don’t expect your teams or personnel to read your mind. This may sound obvious, but it’s striking to see how many CIOs think telepathy will automatically save the day.
- Vendor management slip-ups. Although you may think of checking the business continuity and disaster recovery preparations of your vendors, don’t forget to check the risk that they might be acquired by or merged with another company, with possible impacts on products or services on which you depend.
- Shadow IT. Users who go round your IT department and buy their own solutions, in the cloud for example, probably don’t know about IT risk management. They may not care either, until something goes wrong, in which case the IT department is often a convenient scapegoat. Educate such users and accompany them in their IT dealings if you can’t bring them back into the corporate IT fold otherwise.
- One-person knowledge silos. Allowing any one person to hold a monopoly on particular IT information is asking for trouble. Double up so that, just as with your data, you always have a backup available when you need it.
- Missing documentation. The business world is full of legacy systems with business logic that is essential to the operations of an enterprise, but that is undocumented and impossible to modify or upgrade. Get your developers to document properly as they develop, and before they leave to work elsewhere.