What digital transformation means for risk management – Gartner
Many CIOs feel that their organisations are ill-prepared to deal with the new risks that digitalisation brings.
Gartner analysts say these concerns are well-founded.
“As most industries evolve, their risk management approaches fail when they encounter previously unknown hazards,” said Gartner research vice president Robert A. Handler.
“In an IT context, digitalisation represents a point of rapid evolution, and it will create new risks.”
It is critical that CIOs and program, project and portfolio (PPM) leaders evolve their risk management approach for a digital age.
New and Bigger Risks
It is impossible to know the specifics of how or when an unknown risk will become reality or what its impact will be, but we can foresee some factors that lead to new risks.
“Digitalisation magnifies risk,” adds Handler.
“Digital projects connect more and more things together, many of which are not within the direct control of the project leaders.”
This trend adds complexity and interdependency to organisational systems, sometimes in an exponential way.
The current “need for speed” environment of digital business discourages redundancy.
Therefore, potential points of failure proliferate and fragility rises.
“This complexity will accelerate as we connect 5.5 million new things a day to the Internet of Things (IoT),” says Handler.
“Even without that, many IT organisations are already struggling with their focus being limited to their internal systems.”
Keeping Pace With Change Is a Challenge
PPM leaders tend to focus on speed of delivery and marginalise the importance of fault-tolerant systems.
In doing so, they are, often unknowingly, contributing to the fragility of a project and of everything that depends on it.
“This is — at minimum — a CIO-level issue,” says Handler.
“Most CIOs are familiar with Mode 1 risk management, where risk is linear and has a normal distribution. However, they are still not using accepted risk management standards to their full potential.”
Moreover, increasingly common Mode 2 efforts are experimental and exponentially increase risk complexity.
IT leaders and CIOs must simultaneously invest in traditional risk management for Mode 1 while learning to adapt to the uncertainty of Mode 2.
Agility Is Critical
Multiple small points of failure can cascade into more serious business risks.
Recent IT system failures at airlines such as Southwest and Delta, and more recently the WannaCry ransomware attacks, show how damaging an initially minor problem can become.
This underlines the importance of minimising even small risks through conventional approaches.
Agility is also crucial.
Where complexity cannot be reduced, agility improves the response to unknown risks.
Use the elasticity of cloud computing to build in slack and reserve capacity, so successful initiatives don’t turn into burdens.
Maintain adequate staffing, possibly through creative partnering with consultants and system integrators.
Monitor more closely for extreme behaviours and extend this monitoring to include operations, partners, the market or anything across the network that could have a significant impact.
“In a digitalised world a failed business system that is connected to a ‘thing’ can cause physical damage or injury,” says Handler.
“Prominent examples include recent smart thermostat failures or accidents with automated cars.
These are physical risks to life and property that few IT organisations have ever faced, but must now prepare for.”
Article written by Gartner contributor Rob van der Meulen