|
| Recent
Articles |
What A Lot Of Social Networks Do That People Hate
I sign up for a lot of social networks. Part of my job involves reviewing new sites and knowing what is being launched and as a result I end up signing up for 2-3 new sites a week. Of course, I don't actively use all those...
Visibility - A New SEM Magazine
Apologies for the image quality as I forgot my camera at home and had to take this with my KRZR. A new search marketing print publication has hit the mailboxes this week called Visibility. Backed by the company...
iLike Thrives Through Facebook
In olden times, the pope would often crown a new king. These days, that duty sometimes falls to Facebook - iLike’s recent success has been attributed almost...
Review: Confessions Of An Advertising Man
Book: Confessions of an Advertising Man by: David Ogilvy. Here's the scoop: A good friend of mine, and fellow search marketer who spent many years on Madison Avenue has convinced me to educate myself...
Review: The Enterprise Unified Process
I have just read (skimmed, really) Scott Ambler's book The Enterprise Unified Process: Extending the Rational Unified Process. If you are using the Rational Unified Process (from IBM), or considering doing so, and...
Book Review - Reinventing The Customer Experience
I have just finished Jonathan Tisch's book Chocolates on the Pillow Aren't Enough: Reinventing The Customer Experience. The author is Loews Hotels chairman and CEO and is clearly very knowledgeable about...
|
| Recent WebProNews Articles |
AdWords Formula Fixed For Top Spot
Google's advertisers should be a little happier with the ability to compete for top placement in AdWords, thanks to a tweak to the formula for calculating who grabs the top spot. The top ad placement formula will weigh the...
SES San Jose: Marissa Mayer Speaks
Google VP of Search Products & User Experience, Marissa Mayer, handled the morning keynote for SES San Jose and revealed her love for a certain social networking service. (Our on-scene WebProNews staff has passed...
SES: The Almighty Conversion
If you run an e-commerce site, you want visitors to become buyers. Panelists at SES San Jose suggested making those visitors feel secure while you make your call to action. Our on-scene WebProNews staff has...
SES: Searcher? Oh, Behave!
The way searchers behave on search engines provides a lot of insight into what companies can do to improve their search services. A SES San Jose panel covered some recent enlightenment on searcher behavior research...
ComScore qScore Tallies Well For Google
Search sites measured by comScore under their new qScore 2.0 methodology will benefit from the hosted and affiliated search traffic they send back to the main search engine. It's a scenario that offers Google...
|
 |
|
08.23.07
Book Review: IT Risk
 By James Taylor
I was lucky enough to get a pre-release copy of IT Risk: Turning Business Threats into Competitive Advantage by George Westerman and Richard Hunter.
The book approaches IT risk not as a technical issue but as a business and management one with potentially serious consequences. As businesses increasingly are there information systems, this point of view is both necessary and valuable. The book introduces IT risk and its consequences, discusses the authors' 4A framework and outlines 3 core disciplines for IT risk management. It then drills into actual steps to take to fix the foundation, develop risk governance processes and establishing a risk aware culture. It wraps up with some forward looking thoughts and a list of ways in which executives can improve IT risk management.
Their basic premise is that effective IT governance essential in times of high change and increasing complexity (of systems as well as of business/problems). They discuss 4As - availability of systems, access to systems and data, accuracy or data and results, and agility in terms of ease of change - as being the framework for risk management. These 4As are supported by a foundation, a risk management process and a risk aware culture. The framework and the disciplines mostly work well for the authors, only occasionally becoming confusing to the reader. From an enterprise decision management perspective I found the focus on agility very interesting as possible changes to systems should be considered along with general IT effectiveness when managing risk. Also, while the foundation is lower level than EDM, I think the objectives for the foundation can all be met more easily by and organization that has adopted EDM. EDM can make it easier to assess risk, easier to maintain systems, easier to change and fix them. It can also make it easier to apply risk assessments in operational systems by calling out the decisions that must be made, which is where risk assessment matters.
Fixing the foundation is described as a journey and I really liked the focus on incremental improvement. The foundation is a problem as most companies developed their IT infrastructure in stages. However, a poor foundation undermines agility by degrading the business/IT relationship and by making change to existing systems, to meet changing business needs, hard. While I think there are other ways to add agility into existing systems, I do agree with their assertion that you need to change and replace foundation to some extent. They make some fairly good suggestions for broad steps you can take and show the kinds of payoffs that come from the capabilities you enable with a better infrastructure. The authors make a critical point when they show how change in infrastructure is IT change while change in applications is business change but most IT departments don't see the difference - they see it all as "system" change making it harder to manage than necessary. Again, a focus on separate automation and management of decisions can help clarify this difference. There is a fair amount of useful discussion in the book about the need for both local and central management to which I would add one more category - where do decisions live in your organization? Should they be managed locally or centrally? The book outlines both incremental and "big bang" approaches to fixing the foundation and notes that incremental change is slower but surer - EDM is very much in this space despite the "E" word, with its focus on adding better decision-making to existing systems. I also think you could simplify applications by externalizing decisions. The discussion of how legacy application modernization might be business value based or risk based (human resources or technology risk for instance) or both (such as a need to change to support a new business strategy) was well done. I also really liked their idea of a renewal and reinvestment budget to keep legacy modernization ongoing and they had some great stories about human resources risk coming from retirements and the need to get knowledge out of people's heads and into systems (something about which we have blogged before, e.g. in this post on insurance).
The section on a risk governance process was thorough, although I think you need to be careful not to implement all of it blindly, and I liked the focus on broad risk awareness - not "risk-averse" or "risk-pro" just "risk-aware". Think about this in terms of decisions - what is the risk of the wrong person making a decision (a delivery person making a decision about service levels for your best customer) or of a decision being hard to change? To support this idea, IT needs to build systems in a risk-aware way - they need to drive their use of technologies and languages, consider the consequences of a failure to update documentation or code and so on. It occurred to me while reading these sections that organizations considering a policy manual for this stuff should also consider the value of rules and decision management as a basis for a "policy engine" (see this post). They had a particularly nice example of a mid-sized company finding its legacy applications, and the lack of agility in them, to be a key risk and investing in replacing and upgrading systems to make maintenance and evolution easier and less risky. This kind of agility improvement is something enhanced by a parallel focus on decision management.
The book was a fairly quick read, had lots of useful suggestions and some good ways to think about the problem. You can buy the book here and if you think IT risk matters, you should do so.
Comments
About the Author:
VP of Product Marketing with a passion for the technologies of decision automation. 15 years designing, developing, releasing and marketing advanced enterprise software platforms and development tools. Across the board experience in software development, engineering and product management and product marketing.
http://www.edmblog.com
|
