Effective ICT risk management
Parakala says that as the ICT industry recovers from its downturn of the last three years, and ICT spending increases, the need for effective ICT risk management is higher than ever before. Many organisations are still struggling to mitigate their strategic risks, even though they have optimal processes to reduce operational risks.
Some of these major strategic risks emerge from:
1. Lack of CEO and senior management commitment and participation in ICT investment decisions;
2. Limited Boardroom visibility of major ICT projects and activities;
3. CIO and ICT managers failing to align ICT with business;
4. Increased level of offshore outsourcing;
5. Lack of integration between ICT and corporate governance structures; and
6. Increased complexity due to new and emerging technologies
“Effective risk mitigation requires the CEO to take a proactive role in recognising ICT as an important business enabler and integrating the ICT functions into the value-chain to support the core business of the organisation,” Parakala says.
Zarella agrees that increased regulatory pressure makes it necessary for senior managers to “get responsible” to ensure their technology platforms are effectively managed, monitored and championed.
He suggests managers and boards must have a clear picture, plan and roadmap of what their technology platforms are delivering and that must concord with their corporate objectives.
He maintains that business leaders must recognise that technology is a strategic lever, and when given that priority, there is abundant evidence to suggest significant advantages can be realised.
“A lot of businesses will run technology that is outdated, and their executives will talk [with pride] about how much money they have saved through the use of old and possibly challenged technology. Yet these are the very same executives who are surprised to learn how uncompetitive their business has become. IT has to be used as a strategic lever to give you competitive advantage.
“Businesses which recognise that are generally better at mitigating IT risk. Those that don't usually miss the IT risk. We do a lot of due diligence on companies and we hear comments about companies that have controlled their IT expenditure. Then you look at the balance sheet at fixed assets and you see that [sometimes] what has happened is that these companies are right on the knife's edge, running their IT far beyond the use by date. So yes they have controlled costs, but at any moment could be in real strife because of major systems failing,” Zarrella says.
“Just because you have a very low cost IT expenditure on your P&L -- that doesn't mean you are being strategic, that could mean that you are running things into the ground.”