More

    Risk Management: If Not First, When?

    A lot of business tech articles, including here on IT Business Edge, start from the assumption that a project or tech purchase has been decided upon. It’s the project and product details, the staffing, the timeline and budget that need to be cleared up before completion. That’s not likely to change, as our readers are very often at or near that point in the decision-making process when they come to us, and you can’t start at the very beginning every time you address a topic.

    But we’re making a huge assumption that the necessary in-house planning and risk assessment has been taken care of in each case, and that may be part of the problem many companies face: It has not been taken care of. Basically, these companies either place the cart, or the technology, before the horse, or the risk management process. Or they just ignore the horse altogether and proceed with a series of possibly ill-advised carts.

    The enormity of this kind of assumption hit me again when I read a post by Darlene Tester, a compliance professional at U.S. Bank, on the ISACA Journal author blog. Tester writes that even though we all know that we want to be in between “chasing technology and doing nothing new,” we keep the blinders to risk on, leaning too far to one extreme or the other. Writes Tester:

    “If a company establishes a sound risk management process and uses it before making technology decisions, it will know what technology is right for their company, their situation, and their cost and risk appetite. We do not need to disregard imperative precautions, but we do need to establish a baseline for our risk appetite and then determine how imperative those precautions are to our business.”

    If a company leans toward “chasing technology,” without applying its custom risk management process – whatever that may be – in each case, the results are predictable enough to appear in change management guidance. Moe Glenner, founder and president of organizational change management consultancy PURELogistics, will probably never be hurting for clients, because of this truth of his area of expertise. Glenner, as he wrote in a recent change management slideshow on IT Business Edge:

    “ … frequently observes companies that attempt technology-based change initiatives with the latest and greatest new technologies. Many believe that the provider of this technology will also ensure that their technology will successfully effectuate the intended changes. They effectively defer the planning, execution and most importantly control to this third party. More times than not, this recipe fails and takes the change initiative down with it. The result: Blame the technology and try to find a ‘better’ technology. In other words, they blame the equipment and not themselves.”

    And if a company leans toward “doing nothing new,” not only will they lose any competitive position they possess, they won’t even have anyone else on which to place blame.

    Maybe that’s the reason that chasing technology and ignoring risk assessment and management steps is so appealing; failures can be replaced and pushed from recent memory with new tech solutions, and the cycle can continue for some time as long as there are some wins among the losses.

    Get the Free Newsletter!

    Subscribe to Daily Tech Insider for top news, trends, and analysis.

    Latest Articles