Solid Steps to More Successful Management of IT-Related Business Risk
Introduction
Efficient and effective management of business risk has become key to driving improved business performance. The more dependent business becomes on IT, the more important IT-related business risk management is to business performance. Yet, too many organizations are wasting too much time and effort on IT risk management while not sufficiently reducing risk to business performance.
Risk management in “steady state” often wastes 20-40% of time and budget. Organizations in planning stages can easily waste over 50% of their resources in unnecessary churn. Missteps in risk surveys, risk registers/inventories/logs, self-assessments, risk warning indicators, and more waste precious resources at the very least. Worse, they distract from potentially serious threats and can blind an organization to opportunities.
Seminar Outline
This two-day seminar (8-4) will cover:
・Risk management in daily life
・Begin with the business
・Seeing the system
・Getting the foundation right: don’t build a house on sinking sand
・5 steps: make it simple, make it insightful, make it matter
・Right tool for the job
・Risk evaluation
・Stop the insanity, really (dangers and distractions in frameworks, terminology, heat maps, RCSAs, KRIs, risk registers, reporting and more)
・Scenario analysis: heart of risk management
・Engaging with the business, step by step in a scenario workshop
・Risk response: taking action, not pushing paper
・Risk reaction: it’s not about capes, it’s about prevention and readiness
・Personal action planning: your difference in your organization
・Step by step based on your current situation
Objectives
This workshop is designed to help you learn how to:
・Understand the importance of making risk simpler in order to more easily manage change and complexity.
・Understand the 5 step risk management cycle: How it is faster and easier, and better engages the organization.
・Define an environment, understand the factors in an environment
・Understand types of capabilities, the factors that create capabilities and how to document this in a way that provides the basis for building shared understanding across the business of both the risks and need for risk management
・Understand the dynamics of the risk to the business and engaging the business in managing risk to their business objectives
・Create life-like, realistic stories that are based on real causes in the real world
・Identify key warning signs of unfolding situations
・Identify roots of effective risk responses
・Apply the right tool for the job
・Manage to processes, decisions and outcomes
・Shape business cases for improvement
Bonus:
・Make risk management fun
・Shape a career path by leveraging risk management skill
Prerequisites
Sufficient experience with IT-related risk management to be wondering, isn’t there an easier way to enable more business benefit?
Pre-reads:
To help you get more from the program, these materials are suggested:
・Read “Real Scenarios for Real Risk Management” from Corporate Board Member https://www.boardmember.com/Article_Details.aspx?id=7032
・Review your organization’s business objectives (financial and operational) overall and key initiatives
・Review your organization’s business environment (economic, buyers, competitors, partners, suppliers, distributors, political/regulatory, technology trends)
・Review your organization’s business capabilities (skills, business and IT processes, technology, intellectual property)
・Review your organization’s business dependencies on IT (IT alignment to business, business-IT investment portfolio, architecture diagrams, system diagrams, continuity dependency diagrams, application maintenance and change records (especially those used for understanding what business process will be unavailable when changes are made))
・Review your organization design, especially to understand how IT provides support to business lines, functions and geographic regions
・Understand how improvement-oriented management support functions such as business process improvement, quality improvement, program/project management, enterprise architecture, transformation initiatives and risk management relate to each other
・Class text is The Operational Risk Handbook (Harriman House, 2011), optional to bring.
Program Level
Intermediate
14 CPEs.
Instructor Bio:
Brian Barnier brings a unique perspective to business-IT management. With a split career between “the business” and IT, he works to bridge two sets of needs to get greater business benefits from IT. He also has a unique vantage point because of his experience in practical projects, best practices committees, research and teaching professional education across industries and countries. Named one of the first three distinguished Fellows of OCEG, he served on the OCEG Redbook Review Committee, co-authored ISACA’s Risk IT Based on COBIT, served on the COBIT 5 development workshop team, the IIA Risk Leadership Summit and BITS/FS Roundtable committees, including the Shared Assessment Program. He has penned over 100 articles, serves on the editorial panels of the Taylor & Francis EDPACS newsletter, ISACA Journal, and Association for Financial Professionals Risk! newsletter, contributed to Risk Management in Finance (Wiley, San Francisco, 2009) and is the author of The Operational Risk Handbook (Harriman House, London, 2011). He twice chaired ISACA’s IT GRC Conference and is co-developer of the Auditing of IT Risk program for NA CACS. Early in his career, he served in financial services regulatory policy in state government. A global businessperson with Finance, Operations and Product Management experience, he has also led teams to nine technology patents.
He can be reached at brian@valuebridgeadvisors.com