Commentary: Risk Management Now the Most Important Task
R Admin | March 30, 2009
Risk management is now the most important task for IT managers. Security and reliability risks are important, but the biggest problem is overspending on IT. Buyers should "throw their weight around" in vendor negotiations and "impose hard limits on upgrade costs," Carr says (www.nicholasgcarr.com).
His thesis is causing some anger in the IT industry. Intel Corp. chief executive officer Craig Barrett calls it "pseudo-populist theory," adding that IT is unlike ordinary infrastructures, which don’t let you put "content or value into what you are doing." But Carr’s arguments are resonating in organizations burned by cost overruns, project failures and over-promised systems.
Several points are indisputable:
· An organization should buy only the IT needed to deliver measurable results supporting mission/business requirements.
· It should manage costs.
· It should work to pierce through hype, using techniques such as performance-based contracts to set clear expectations.
· It should gain leverage by collaborating, such as through user groups (e.g., FTS 2001) and enterprise-wide deals.
· Finally, it should manage risk on all levels, including security.
Each of these points falls squarely into the ambit of the Office of Management and Budget’s business case guidance. No one is getting a passing score if these elements and others have not been adequately addressed.
So, the business case is here to stay. Thinkers such as Carr raise the bar for suppliers and their customers who are explaining the value of additional IT investments to management. He also provides an insight that can be used to differentiate successful investment proposals: For IT improvements to be worthwhile, they need to be strategic.
In fact, IT is not ubiquitous. In many places, it is still strategic. Real-time information was the basis for victory in Iraq. Port security, border security, public health and critical infrastructure protection require staying ahead of threats that can be amplified by the malicious use of IT. E-government also can be strategic. The failure to keep up with citizens’ service expectations, or a malfunctioning tax collection system, will only further decrease public respect for American governance, with dangerous long-term consequences.
The argument that IT does matter begins by emphasizing how a particular investment will make a measurable and cost-effective difference in mission performance. That requires the buyer and suppliers to understand the business solutions, their effects on business processes, and the link between technology and mission well enough to know when the combination is a real winner.