|Research, training, consultancy and software to reduce IT costs|
Risk management and system governance
IT risk management overlooks critical long-term risks. With system governance, you can identify and manage these risks.
The risk management expert Felix Kloman summarised risk management as "A discipline for living with the possibility that future events may cause adverse effects."
Within IT, we manage a variety of risks.
System governance is a framework for measuring and improving system quality, where system quality is broadly defined to cover fitness for purpose, viability, supportability, security, compliance, and technical standards.
System governance contributes to existing IT risk management. It provides a framework for gathering risk-related information, analysing it, and recommending improvements. Although we at Metrici would not claim it is a full risk management method, it does provide a comprehensive, easy, quick and cheap method for gathering this information.
Perhaps more significantly, system governance can provide visibility of critical long-term risks, that are not well covered by current IT risk management. Here are just some examples.
These risks are critical. In the long run they significantly undermine our ability to provide effective IT services. They reduce our ability to respond to business change. They increase costs. The costs of replacing systems are huge, and yet we do little to manage the risks that systems will need to be replaced early. These long-term risks are much more significant than short-term project delivery risks, but in comparison we hardly manage them at all.
I think we in IT do not even recognise these as risks. Risk management makes a distinction between a risk (something that might happen) and a problem (something that has happened or is inevitable). In IT, we treat these long-term areas as inevitable problems, not as manageable risks.
In the same way that it provides the information for existing IT risk management, system governance provides the information, analysis and recommendations to manage long-term risks. It gives management visibility and guidance on the risks before they turn into problems. With system governance, you can complete your IT risk management and manage long-term risks, not just short-term ones.Next: IT governance and IT processes
Minimal IT: research, training, consultancy and software to reduce IT costs.