Post on 30-Jan-2018
© 2012 IBM Corporation
IBM Business Resilience Consulting Services
Achieving Business Goals by Managing IT Risk
Arjan Mooldijk, IBM Consulting
IBM Global Technology Services – ITS – Business Resilience Consulting
The Reputational Risk study revealed three key observations concerning IT’s impact on reputational risk.
#1 IT risks have a major impact on a company’s reputation
#2 Companies have rising IT risk concerns related to emerging technology trends
#3 Companies are integrating IT risk and reputational risk management, with strongest focus on threats to data and systems
“IT and reputational risk management and mitigation are… key success factors of our business and must be given due emphasis.”
C-level executive, Malaysian agriculture and agribusiness company
ISACA – Information Systems Audit & Control Association
The business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise
International best practice such as ISACA, COSO and ISO 31000 clearly links operational risk to the business objectives, BUT most companies still manage risks based on incurred costs/losses.
IT Risk Management | Assessment approach | CFO round table - by Corporate Leaders & IBM
COSO – Enterprise Risk Management Framework
Enterprise risk management, which incorporates Information Risk Management, is defined by COSO as a process, … , to provide reasonable assurance regarding the achievement of entity objectives.
ISO 31000
Shifts from an event to the effect risk and risk management have on an organization’s objectives ... and put the emphasis squarely on risk management as a strategic discipline for making risk-adjusted decisions, rather than a compliance-based function.
To thoroughly identify the business risks associated with the use of IT, the analysis should be extended beyond the “rearview mirror” by performing “What if” predictive scenario planning across the “IT Risk Spectrum™”.
IT Risk Spectrum™
Availability & Recoverability
What if IT does not keep systems running and, if necessary, recover from interruptions in line with business expectations?
Security & Data Protection
What if IT does not provide the appropriate access controls while protecting the business’ information and resources?
Agility & Appropriateness
What if IT does not respond in a timely manner with the correct new or modified IT Service in support of changes in business requirements?
Scalability & Performance
What if IT does not maintain acceptable performance based on business needs and appropriately accommodate changes in business service volume?
Accuracy & Timeliness
What if IT does not provide accurate data, to the right people, at the right time to make informed business decisions?
Adopting a top-down approach is critical to success. By linking quantified strategic business initiatives to execution and measurable KPIs, you can determine how IT risks affect your business performance.
Align Strategic Goals with Value of IT Services
Strategic Business Initiative (SBI): Increase competitive advantage by introducing new products and services faster than competitors ($100M revenue impact)
Associated Business KPIs
1. Time to market for new product/service development projects
2. Cost to design and develop products/services
3. Etc.
[Figure: matrix of business groups (BC / PG 1, BC / PG 2) against the five IT Risk Spectrum categories (Recovery & Avail; Agile & Timely; Scalable & Performing; Access, Security, & Info Protection; Accurate & Appropriate), with cells labelled KPI and IT KPI. Axes: Business Group; IT Risk Spectrum 1 to 5.]
Establish measurable IT KRI
(S) IT/Bus strategy review = 6 mos
(P) Equip purchase = 30 day
(AD) App dev is <= 2 months
(S) Security product review cycle < 2 wks
(T) SAN ports <= 80%
(F) DC Capacity <= 90%
Impose IT KPIs per SBI and business group
(AD) Average time in months to fulfill a business need with relevant IT solutions
1. Identify Business’ Strategic Initiatives against which to manage and exploit IT capabilities
2. Map strategic initiatives to Business and IT services with measurable indicators and estimated impact to initiatives
3. Establish IT performance metrics against the IT Risk Spectrum and Resilience Framework.
IBM has developed industry-specific Business Process and KPI maps aligned with the cross-industry APQC’s Process Classification Framework (PCF)™ used by nearly 2000 organizations globally.
Cross-Industry APQC’s Process Classification Framework (PCF)™
Industry-Specific Business Process and KPI Maps
The benefit of this forward-looking risk management approach is twofold: it allows enterprises to anticipate IT risks and keep IT risk management aligned with Strategic Business Initiatives.
The “Top Down” approach
– ensures you remain aligned with Strategic Business Initiatives (SBI), and
– improves efficiency to do more with fewer resources
Root Cause Analysis allows you to define leading KRIs as early warning indicators
Scenario Planning allows you to mitigate risks by anticipation
Thank you for your interest