Story image

What digital transformation means for risk management – Gartner

16 May 2017

Many CIOs feel that their organisations are ill-prepared to deal with the many new risks associated with digitalisation.

Gartner analysts say these concerns are well-founded.

“As most industries evolve, their risk management approaches fail when they encounter previously unknown hazards,” said Gartner research vice president Robert A. Handler.

“In an IT context, digitalisation represents a point of rapid evolution, and it will create new risks.”

It is critical that CIOs and program, project and portfolio (PPM) leaders evolve their risk management approach for a digital age.

New and Bigger Risks

It is impossible to know the specifics of how or when an unknown risk will become reality or what its impact will be, but we can foresee some factors that lead to new risks.

“Digitalisation magnifies risk,” adds Handler.

“Digital projects connect more and more things together, many of which are not within the direct control of the project leaders.”

This trend adds complexity and interdependency to organisational systems, sometimes in an exponential way.

The current “need for speed” environment of digital business discourages redundancy.

Therefore, potential points of failure proliferate and fragility rises.

“This complexity will accelerate as we connect 5.5 million new things a day to the Internet of Things (IoT),” says Handler.

“Even without that, many IT organisations are already struggling with their focus being limited to their internal systems.”

Keeping Pace With Change Is a Challenge

PPM leaders tend to focus on speed of delivery and marginalise the importance of fault tolerance systems.

In doing so, they are — often unknowingly — contributing to the fragility of a project and everything that depends on it.

“This is — at minimum — a CIO-level issue,” says Handler.

“Most CIOs are familiar with Mode 1 risk management, where risk is linear and has a normal distribution. However, they are still not using accepted risk management standards to their full potential.”

Moreover, increasingly common Mode 2 efforts are experimental and exponentially increase risk complexity.

IT leaders and CIOs must simultaneously invest in traditional risk management for Mode 1 while learning to adapt to the uncertainty of Mode 2.

Agility Is Critical

Multiple small points of failure can cascade into more serious business risks.

The examples of recent IT system failures at airlines like Southwest and Delta, and more recently the WannaCry ransomware attacks show how damaging an initially minor problem can become.

This underlines the importance of minimising even small risks with conventional approaches.

Agility is also crucial.

Where complexity cannot be reduced, agility improves the response to unknown risks.

Use the elasticity of cloud computing to build in slack and reserve capacity, so successful initiatives don’t turn into burdens.

Maintain adequate human resources, possibly through creative partnering with consultants and system integrators.

Monitor more closely for extreme behaviours and extend this monitoring to include operations, partners, the market or anything across the network that could have a significant impact.

“In a digitalised world a failed business system that is connected to a ‘thing’ can cause physical damage or injury,” says Handler.

“Prominent examples include recent smart thermostat failures or accidents with automated cars. 

These are physical risks to life and property that few IT organisations have ever faced, but must now prepare for.”

Article written by Gartner contributor Rob van der Meulen

NZ investment funds throw weight against social media giants
A consortium of NZ funds managing assets worth more than $90m are appealing against Facebook, Twitter, and Google following the Christchurch terror attacks.
Poly appoints new A/NZ managing director, Andy Hurt
“We’re excited to be bringing together two established pioneers in audio and video technology to be moving forward and one business – Poly."
NVIDIA announces Jetson Nano: A US$99 tiny, yet mighty AI computer 
“Jetson Nano makes AI more accessible to everyone, and is supported by the same underlying architecture and software that powers the world's supercomputers.”
Unity and NVIDIA announce real-time ray tracing across industries
For situations that demand maximum photorealism and the highest visual fidelity, ray tracing provides reflections and accurate dynamic computations for global lighting.
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
NVIDIA introduces a new breed of high-performance workstations
“Data science is one of the fastest growing fields of computer science and impacts every industry."
Apple says its new iMacs are "pretty freaking powerful"
The company has chosen the tagline “Pretty. Freaking powerful” as the tagline – and it’s not too hard to see why.
NZ ISPs issue open letter to social media giants to discuss censorship
Content sharing platforms have a duty of care to proactively monitor for harmful content, act expeditiously to remove content which is flagged to them as illegal.