7 Posts tagged with the risk tag

Harvey Koeppel and the Center for CIO Leadership were the hosts for the Virtual Roundtable, which focused on the ongoing education of CIOs by providing real-life examples from industry leaders from all facets of the industry.  Today’s session, Next Generation IT Governance, continued to prove that Harvey has the right pulse on the industry and ongoing CIO needs. There were several key takeaways that surfaced from the conversation.

 

Leaders from Cranfield and Yale Universities led the group in a discussion regarding the need for IT Governance and how to structure decision-making and create accountability when forging down the IT Governance path.  Having transparency and a framework for effective communications aids in changing the organization’s behaviors that are necessary to implement successful IT Governance programs.  Another facet of the model is the need for companies to co-exist in a collaborative environment and to have a set of metrics and scorecards to promote the current state of the organization.

 

The speakers and participants shared their perspectives on this very important topic. How are you looking to evolve IT Governance and enable your businesses to succeed and thrive in this hyper-competitive environment?

 

Sue Bergamo

CIO

BTE Consulting


In an effort to share insights and advice coming out of the great conversations CIOs are having as a community, the Center launched a new and exciting six-part video series, CIO Perspectives. This series brings together leading CIOs as they discuss topics, exchange ideas and compare experiences on important topics for CIOs to enhance their impact as business leaders.

 

Listen to Harvey Koeppel, Executive Director of the Center for CIO Leadership as he leads a discussion focusing on the function of risk management with Center CIO Members, Jeanette Horan, CIO, IBM, Peter Whatnell, CIO, Sunoco, Inc., and Ron Bergmann, Vice President and CIO, Lehman College/CUNY.

 

Episode 1: CIO Perspectives | Risk Management

 


“The involvement of the entire organization is very important.  You have to have a policy of security and risk management so that the people are involved in the process and are being more proactive than reactive.” CIO, government finance ministry

 

Risk management is a topic of concern and priority for CIOs in all industries.  High-profile attacks on customer databases and company websites have heightened the focus on information security and data protection as a core component of IT risk management.  The explosion of social media has presented CIOs with a score of concerns, from reputational risks to the brand to the dangers of unfettered employee access.  The evolving regulatory environment has created significant new demands upon enterprises and their CIOs and continues to require increased transparency and proof that these risks are being well managed.  And the call for more mobile access to corporate tools is challenging the traditional IT tactic of securing the perimeter and forcing CIOs to focus instead on endpoint security.

 

The Center for CIO Leadership interviewed CIO members across industries and geographies to gain their perspectives on how IT risk is changing for CIOs and what approaches CIOs are implementing to take a leadership role in risk management.  The following themes emerged from the qualitative research:

 

  • IT risk management and security processes should be integrated into overall enterprise risk management governance
  • A balanced approach to risk management is key
  • IT leaders must market IT’s risk management and security strategies in business terms
  • IT risk management and cyber security are not annual exercises
  • Continuous education is paramount
  • Risk management must be ingrained in every facet of IT strategy and management

 

Read this white paper to gain peer advice and insight on approaches that CIOs are implementing to take a leadership role in risk management and how CIOs are partnering with the entire organization on this imperative area.

 

Read the white paper attached below.  If you do not see the file below, click here.

George Westerman


Join the Center for CIO Leadership for this interactive virtual roundtable for CIOs and other C-suite executives, IT Risk: Turning Business Threats into Competitive Advantage featuring Dr. George Westerman, Research Scientist, MIT Center for Digital Business and Kris Lovejoy, Vice President of Risk Management, IBM.  The roundtable will take place Tuesday, September 27, 2011 at 9:00 am EDT (New York, USA).

 

Recent press about cyber and malware attacks, combined with ever-increasing regulatory compliance burdens, has Boards demanding that CIOs keep their companies out of the headlines.  At the same time, the consumerization of IT and exploding use of social media across enterprises are increasing the challenges of managing risk.  Yet IT risk management efforts are often seen as preventing progress rather than managing risk.  This session will explore key elements of the risk management challenge, the approaches to successfully manage risk and the potential for CIOs to find new value from risk management.  The speakers will explain how CIOs can reframe the discussion to turn these challenges into business opportunities.  The session will also feature a case study on how IBM is tackling the risk management challenge.

Kris Lovejoy


 

Topic: IT Risk: Turning Business Threats Into Competitive Advantage

Time: Tuesday, September 27th, 2011 - 9:00 am – 10:00 am EDT (New York, USA)

Location: Dial-in information will be provided upon registration

Format:

  • 9:00 am: Presentation by George Westerman and Kris Lovejoy
  • 9:25 am: Interactive Panel Discussion and Moderated Q&A with George Westerman, Kris Lovejoy, Harvey Koeppel and Virtual Roundtable participants
  • 9:55 am: Final words
  • 10:00 am: Adjourn

To register for the September 27th Virtual Roundtable or if you would like further information, please contact event@cioleadershipcenter.com.


The news headlines continue: systems failures, data breaches, project delays, troubled products, trading failures, money laundering through mobile networks. These are just some of the sinkholes in operational-risk land related to information technology. The question is, why? Why do they keep coming despite efforts to prevent them?

 

"Why can't I just get a single view of risk to the business, especially a particular business activity or process? What makes this so difficult?" an exasperated CIO asked me at an executive briefing held by a chapter of the ISACA IT security organization after I discussed IT-related business risk. "One bad business-IT decision killed our company!"

 

Analyzing IT-related risk in silos leaves gaps and frustrates business leaders. Responding to IT risk in silos increases cost, creates prioritization errors and unleashes other gremlins.

 

Read on at SearchCIO.com http://searchcio.techtarget.com/tip/All-about-the-business-Critical-insights-on-operational-risk


I recently chaired a meeting of the Center’s Member Steering Committee (13 CIO peers helping the Center to engage members and drive value). As part of our discussion, we tackled the topic of risk management, and what we as CIOs are facing now in the area of risk management and security.

 

I would like to share some of the pressing issues we uncovered in our conversation, and invite you to add your own thoughts on what is keeping you up at night when it comes to risk management.

 

Regulatory oversight is making it tougher than ever

 

In the US, state level regulators are increasing scrutiny on information and data protections and security, which is consuming resources. One of my Committee colleagues described it this way:

“There is an increase in oversight in many areas from State attorneys general. I have the new responsibility to safeguard information.  We are seeing the regulators looking at the protections we have in place; we have significant challenges around mobile technology and how we are securing the data; and we have a broad spectrum of challenges, with plenty of remediation work needed. This is a big drain on resources and we are in the middle of fire drills to see where we have exposure.”

Outside the US, regulators are going beyond mandating what to do, to mandating what technology and even which vendors to use to do it. Two CIOs on the Committee share concerns in this arena:

“The scary part in all of this is not what to do, but how to do it. It is dangerous when the regulators start pointing you to what technologies to use and what vendors to use.”

“I have a similar experience in my country. The regulators have been overbearing, and are defining the vendors we can work with. It is not helping with the differentiation that you would want as an organization.”

Globally, regulations vary greatly, with the imbalance in less regulated geographies providing weak links that impact security for everyone.

“It is not about regulation in one country.  It is about a balance in the world.  Is it okay that some countries have tighter regulations than others?  The hackers or others that are trying to get into your systems will go through the weakest link…”

 

The consumerization of technology is upping the ante

 

Another hot button issue right now for the Committee is the consumerization of technology. Several committee members agreed that the proliferation of technologies and the end users’ knowledge and expectations around those technologies are making “the consumerization of technology a problem” to enterprises globally.

 

Social media brings lots of opportunity for enterprise threats and risk

 

As CIOs wrestle with social media in their enterprise, one of the biggest issues on their mind is the exposure and risk that comes along with all of the open networks and conversations. As one of my fellow members put it:

 

“The propagation of social media is propagating the risk management issues as well.  We don’t really know who is making comments on social media. We need to constantly monitor what people are saying, and we need to address the customers and even competitors who are putting comments on social media. And don’t forget that the regulators are mandating that we have an approach to managing this, so we need to start having a plan to address this.”

 

The drumbeat for transparency is beating faster but so are the risks and threats

A final point made in our discussion is that CIOs must walk a challenging line, as the demands for transparency across the enterprise accompany ever-increasing risks and threats.

“We have to be aware that risk threat is higher than ever, and at the same time we are also charged with being more transparent than ever.  Those two contexts are important to remember. Our risk management is also driven by the need for reputation damage control - driven both by compliance and a commitment as a profession that our organizations are protected.”

These are a few thoughts from this Committee on the subject of risk management.  As I consider these comments, and think through the challenge of managing risk for CIOs, I would add this additional perspective as you think about IT risk management:

 

Recognizing risk to manage it

 

A big risk management issue I see is how to recognize a threat and to know that a threat is present for your organization.  Often it is hard to realize that a threat exists. When a threat finally occurs, it is hard to know how to reduce/eliminate it.  And finally, it's also difficult to quantify the threat/risk (the chance of the threat occurring and the damage it might generate). I put these threats into three groups as a way to help think through my own strategy for risk management.

 

  • Internal threats (e.g. people: screening; physical security measures: identification, biometrics; organizational: processes)
  • External threats (e.g. hacker attacks; dependency of suppliers, power supply/electricity; physical threats: earthquakes, radiation, attacks, etc.)
  • Compliancy threats (legal, liability, etc.). How can an organization oversee all new regulations (what is the risk of missing one...)

 

My question to my fellow CIOs is - how can technology help in deterring threats? The strength of the chain is decided by its weakest link: often people are the weakest part in the chain. What are you doing to deter threats in your organization?

 

More broadly, what risk management issues are keeping you up at night? What should CIOs be putting on their highest priority list in mapping their strategic risk management plans going into 2012?


Each year, the Center team conducts interviews with CIO members to collect, analyze and synthesize insights, advice, best practices and input on key business competency areas for CIOs to excel as business leaders.  In 2011, we are focusing on three key themes that CIOs have told us represent areas of challenge, opportunity and leverage for making an impact on the enterprise:

 

  • Analytics: a Tool for Customer Centricity
  • Security and Risk Management
  • Next Generation IT Governance

 

We spend a few months on each topic, creating a CIO Insights research paper, working with members to write blog posts about the topic, gathering pertinent partner research and hosting virtual events on related subjects.

 

This is an important element of the Center’s role in collecting advice and insights from peers.  Send us an email if you are a CIO interested in being interviewed as part of the Center’s research on any of the 2011 topics. 

 

Here’s a bit more detail about the Center’s Three Key Topics of Focus for 2011:

 

TOPIC 1: Analytics: a Tool for Customer Centricity

Customer centricity is increasingly critical to companies’ strategies for growth, and presents an opportunity for CIOs to take the lead.  Technology is at the core of today’s customer engagement strategy, and now plays a key role in the customer experience.  There is a strong need for improved customer data aggregation, segmentation and analytics to support the execution of customer-centric activities across the enterprise, from customer service, to delivery, to marketing and relationship building.  The customer-centric enterprise requires a single view of the customer across the enterprise, which in turn reinforces the need for collaboration among those driving the relationship and connections to the customer (marketing) with those providing the conduit, the support and the information (technology).  Today’s CIO has the opportunity to lead the strategy and enablement for customer engagement – but this comes with a new imperative to partner with the CMO – and other customer-facing executives – to deliver on the revenue promise of customer centricity.

 

Please note that our next CIO virtual roundtable, Getting Value from Social Media and Unstructured Data: The New Unified View, will cover a key aspect of this important topic.  Check the event page for more details on this event on June 22nd.

 

For those of you interested in past events on the topic of analytics, see the Center Virtual Roundtable, Partnering to Drive Change through Analytics that took place in March.  Click here* to listen to the recording. 

 

TOPIC 2: Security and Risk Management

With the advent of the financial crisis, and rapidly evolving influences of information access and transparency, CIOs more than ever have the opportunity and imperative to take the lead in managing risk and thinking about security in a strategic context for the business.  This topic will explore key elements of the challenges and the potential for CIOs to lead their enterprise, including:

 

  • Beyond IT risk management to understand operations, security and enterprise risk
  • Creating a culture that is risk aware, not risk averse
  • Playing a proactive role in leading the enterprise to manage risk as a business opportunity

 

TOPIC 3: Next Generation IT Governance

IT Governance continues to be of interest and challenge to CIOs as they expand their influence as business leaders. This topic will help CIOs explore opportunities and new ways to think about the next generation of IT governance, including:

 

  • Governance to enhance and enable integration and alignment with the business
  • Role of governance in driving impact with analytics and risk management

 

Which of these topics resonate with you and why?  What other topics are you interested in discussing in 2011?

 

* Only CIO members have access to the roundtable event recording.  Join Now.