Solid Steps to More Successful Management of IT-Related Business Risk

Efficient and effective management of business risk has become key to improving business performance. The more dependent a business becomes on IT, the more IT-related business risk management matters to that performance. Yet too many organizations spend too much time and effort on IT risk management without sufficiently reducing the risk to business performance.
Risk management in "steady state" often wastes 20-40% of its time and budget. Organizations still in the planning stage can easily waste over 50% of their resources on unnecessary churn. Missteps in risk surveys, risk registers/inventories/logs, self-assessments, risk warning indicators and more waste precious resources at the very least. Worse, they distract from potentially serious threats and can blind an organization to opportunities.

Seminar Outline
This two-day seminar (8-4) will cover:
・Risk management in daily life
・Begin with the business
・Seeing the system
・Getting the foundation right: don't build a house on sinking sand
・5 steps: make it simple, make it insightful, make it matter
・Right tool for the job
・Risk evaluation
     ・Stop the insanity, really (dangers and distractions in frameworks, terminology, heat maps, RCSAs, KRIs, risk registers, reporting and more)
     ・Scenario analysis: the heart of risk management
     ・Engaging with the business, step by step, in a scenario workshop
・Risk response: taking action, not pushing paper
・Risk reaction: it's not about capes, it's about prevention and readiness
・Personal action planning: your difference in your organization
     ・Step by step based on your current situation

This workshop is designed to help you learn how to:
・Understand why making risk simpler makes change and complexity easier to manage.
・Understand the 5-step risk management cycle: how it is faster and easier, and how it better engages the organization.
・Define an environment and understand the factors that shape it.
・Understand the types of capabilities, the factors that create them, and how to document them in a way that builds shared understanding across the business of both the risks and the need for risk management.
・Understand the dynamics of risk to the business, and engage the business in managing risk to its own objectives.
・Create life-like, realistic scenarios grounded in real-world causes
・Identify key warning signs of unfolding situations
・Identify roots of effective risk responses
・Apply the right tool for the job
・Manage to processes, decisions and outcomes
・Shape business cases for improvement
・Make risk management fun
・Shape a career path by leveraging risk management skills

Prerequisites
Sufficient experience with IT-related risk management to be wondering: isn't there an easier way to deliver more business benefit?

To help you get more from the program, the following preparation is suggested:
・Read "Real Scenarios for Real Risk Management" from Corporate Board Member
・Review your organization’s business objectives (financial and operational) overall and key initiatives
・Review your organization’s business environment (economic, buyers, competitors, partners, suppliers, distributors, political/regulatory, technology trends)
・Review your organization’s business capabilities (skills, business and IT processes, technology, intellectual property)
・Review your organization's business dependencies on IT: IT alignment to the business, the business-IT investment portfolio, architecture diagrams, system diagrams, continuity dependency diagrams, and application maintenance and change records (especially those used to understand which business processes will be unavailable when changes are made)
・Review your organization's design, especially how IT supports business lines, functions and geographic regions
・Understand how improvement-oriented management support functions such as business process improvement, quality improvement, program/project management, enterprise architecture, transformation initiatives and risk management relate to each other
・The class text is The Operational Risk Handbook (Harriman House, 2011); bringing a copy is optional.

Program Level
14 CPEs.

Instructor Bio:
Brian Barnier brings a unique perspective to business-IT management. With a career split between "the business" (currently financial services) and IT (AT&T, Lucent and IBM), he works to bridge the two sets of needs and get greater business benefit from IT. His vantage point is further shaped by experience in practical projects, best-practices committees, research, and teaching professional education across industries and countries. Named one of the first three Distinguished Fellows of OCEG, he served on the OCEG Redbook Review Committee, co-authored ISACA's Risk IT Based on COBIT, and served on the COBIT 5 development workshop team, the IIA Risk Leadership Summit, and BITS/FS Roundtable committees, including the Shared Assessments Program. He has written over 100 articles, serves on the editorial panels of the Taylor & Francis EDPACS newsletter, the ISACA Journal, and the Association for Financial Professionals Risk! newsletter, contributed to Risk Management in Finance (Wiley, San Francisco, 2009), and is the author of The Operational Risk Handbook (Harriman House, London, 2011). He twice chaired ISACA's IT GRC Conference and is co-developer of the Auditing of IT Risk program for NA CACS. Early in his career he worked in financial services regulatory policy in state government. A global businessperson with Finance, Operations and Product Management experience, he has also led teams to nine technology patents.
He can be reached at



In steady state, risk management often wastes 20% to 40% of its time and budget. Organizations in the planning stage easily waste more than 50% of their resources on unnecessary churn. Missteps in risk surveys, risk registers, inventories, logs, self-assessments, risk warning indicators and more waste precious resources; worse, they blind the organization to potential threats and hide opportunities for improvement.

     ・Stop the insanity, really (dangers and distractions in frameworks, terminology, heat maps, RCSAs
・Risk reaction: it's not about capes, it's about prevention and readiness

・Understand the 5-step risk management cycle: how much faster, easier and more effectively it can be fitted to the organization


・"Real Scenarios for Real Risk Management" from Corporate Board Member, at the link below
・Review your organization's design, especially how IT supports business lines, functions and geographic regions
・The class text is The Operational Risk Handbook (Harriman House, 2011); bringing your own copy is optional

14 CPEs are awarded.

Drawing on a career in both business (currently financial services) and IT (AT&T, Lucent and IBM), he brings a unique perspective to management that connects business and IT, bridging the needs of the two to obtain greater business benefit from IT. He also holds an unusually broad viewpoint built on experience in practical projects, best-practices committees, and international research and teaching. Selected as one of the first three Distinguished Fellows of OCEG, he contributed to the OCEG Redbook Review Committee and co-authored ISACA's COBIT-based Risk IT. He has also contributed to the COBIT 5 development workshop team and has taken part in the IIA Risk Leadership Summit and the BITS/FS Roundtable. He has written more than 100 articles, serves as an editorial panelist for the Taylor & Francis EDPACS newsletter, and has contributed to the ISACA Journal and the Association for Financial Professionals Risk! newsletter. He is also an author of Risk Management in Finance (Wiley, San Francisco, 2009) and The Operational Risk Handbook (Harriman House, London, 2011). He has twice chaired the ISACA IT GRC Conference and co-developed the Auditing of IT Risk program for North America CACS. Early in his career he worked in financial services regulatory policy in state government. A global businessperson with experience in Finance, Operations and Product Management, he has also led teams to nine technology patents.
His e-mail address is