Story image

What digital transformation means for risk management – Gartner

16 May 17

Many CIOs feel that their organisations are ill-prepared to deal with the many new risks associated with digitalisation.

Gartner analysts say these concerns are well-founded.

“As most industries evolve, their risk management approaches fail when they encounter previously unknown hazards,” said Gartner research vice president Robert A. Handler.

“In an IT context, digitalisation represents a point of rapid evolution, and it will create new risks.”

It is critical that CIOs and program, project and portfolio (PPM) leaders evolve their risk management approach for a digital age.

New and Bigger Risks

It is impossible to know the specifics of how or when an unknown risk will become reality or what its impact will be, but we can foresee some factors that lead to new risks.

“Digitalisation magnifies risk,” adds Handler.

“Digital projects connect more and more things together, many of which are not within the direct control of the project leaders.”

This trend adds complexity and interdependency to organisational systems, sometimes in an exponential way.

The current “need for speed” environment of digital business discourages redundancy.

Therefore, potential points of failure proliferate and fragility rises.

“This complexity will accelerate as we connect 5.5 million new things a day to the Internet of Things (IoT),” says Handler.

“Even without that, many IT organisations are already struggling with their focus being limited to their internal systems.”

Keeping Pace With Change Is a Challenge

PPM leaders tend to focus on speed of delivery and marginalise the importance of fault tolerance systems.

In doing so, they are — often unknowingly — contributing to the fragility of a project and everything that depends on it.

“This is — at minimum — a CIO-level issue,” says Handler.

“Most CIOs are familiar with Mode 1 risk management, where risk is linear and has a normal distribution. However, they are still not using accepted risk management standards to their full potential.”

Moreover, increasingly common Mode 2 efforts are experimental and exponentially increase risk complexity.

IT leaders and CIOs must simultaneously invest in traditional risk management for Mode 1 while learning to adapt to the uncertainty of Mode 2.

Agility Is Critical

Multiple small points of failure can cascade into more serious business risks.

The examples of recent IT system failures at airlines like Southwest and Delta, and more recently the WannaCry ransomware attacks show how damaging an initially minor problem can become.

This underlines the importance of minimising even small risks with conventional approaches.

Agility is also crucial.

Where complexity cannot be reduced, agility improves the response to unknown risks.

Use the elasticity of cloud computing to build in slack and reserve capacity, so successful initiatives don’t turn into burdens.

Maintain adequate human resources, possibly through creative partnering with consultants and system integrators.

Monitor more closely for extreme behaviours and extend this monitoring to include operations, partners, the market or anything across the network that could have a significant impact.

“In a digitalised world a failed business system that is connected to a ‘thing’ can cause physical damage or injury,” says Handler.

“Prominent examples include recent smart thermostat failures or accidents with automated cars. 

These are physical risks to life and property that few IT organisations have ever faced, but must now prepare for.”

Article written by Gartner contributor Rob van der Meulen

How blockchain will impact NZ’s economy
Distributed ledgers and blockchain are anticipated to provide a positive uplift to New Zealand’s economy.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Human value must be put back in marketing - report
“Digital is now so widely adopted that its novelty has worn off. In their attempt to declutter, people are being more selective about which products and services they incorporate into their daily lives."
Wine firm uses AR to tell its story right on the bottle
A Central Otago wine company is using augmented reality (AR) and a ‘digital first’ strategy to change the way it builds its brand and engages with customers.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
Protecting organisations against internal fraud
Most companies tend to take a basic approach that focuses on numbers and compliance, without much room for grey areas or negotiation.
Telesmart to deliver Cloud Calling for Microsoft Teams
The integration will allow Telesmart’s Cloud Calling for Microsoft Teams to natively enable external voice connectivity from within Teams collaborative workflow environment.
Jade Software & Ambit take chatbots to next level of AI
“Conversation Agents present a huge opportunity to increase customer and employee engagement in a cost-effective manner."