Staff buy-in key to managing risk

18 Feb 2009

Computing editor Bryan Glick (far left) relayed viewers' questions to our experts

IT managers have become adept at using technology to manage risk, but without the right processes, employee attitudes and education, that investment is meaningless.

Not just managers but staff at all levels of an organisation need to understand the importance of best practice, be aware of the threats and risks they face, and treat sensitive corporate information as if it were their own.

A recent Computing web seminar, in association with BT, looked at the cultural and organisational aspects of effectively managing risk. Our experts answered viewers’ questions and here we present their answers.

Our experts were:
Simon Perry, principal associate analyst at Quocirca.
Bill Rann, global head of strategy and UK head of BT’s continuity, security and governance practice.

Q: I think the biggest threat is complacency. Staff don’t worry about risk on the grounds that it would be too difficult or not worth the effort. How do you shake people out of complacency, other than when something goes wrong?

Simon Perry: People become complacent because the impact of risk is regarded as something external. I don’t think it is because they don’t care, but quite often we are not transparent enough in explaining to individuals the impact if something goes wrong.

Ask questions such as: Why is this meaningful to you as an organisation? Why is this meaningful to you in the context of the people you work with?

Most people do care about the success of their department, their job function, and the people they work with. I would like to think that if a company does the right thing by an employee, the employee will care about the outcome for the business.

Q: Are we really any better at managing risk now than we were in the past? What have we learned from 25 years of managing risk?

Bill Rann: There is a long way to go in managing operational risk and appreciating the benefits of it.

The finance sector has spent years investing in market and credit risks and understanding those from an analytical and mathematical perspective, and providing buyers and sellers with information to help them beat the market.

There is a lot more that we can do to beat the competitors through better application of the science.

Q: How do you get people to look beyond obvious risks, those with a clearly identifiable consequence, to focus on the more “unknown unknowns” with a potentially bigger impact?

BR: There is a difference between risk and uncertainty. Risk is when you know something and you can look at its sensitivities and how that is going to change as a result of investment, and then you can begin to map it. If you can map your risks, you can bed down the things you know and worry about, which is a great place to start.

You can then start worrying about the unknown unknowns. Until you have fixed the basics and put a platform in place, you cannot really begin to address those problems other than one at a time.

Q: You talked about complacency, but what about apathy? There is a general apathy among the workforce towards governance. They see it as a bureaucratic, tick-box approach. How do you tackle that?

SP: Sometimes we make it much too boring for people. We get so bogged down with the minutiae, putting together endless sets of reading for people to educate them, and endless tests they have to complete, and it becomes a tick-box approach.

Let’s not forget that the word “governance” has become a little bit like the words “holistic” and “paradigm” – it has become a word that is vomited out there and has become meaningless. Make it fun for people. Remember that when you look to engage them.

To watch the full web seminar including presentations from our expert panel, visit www.computing.co.uk/2234714

Managing risk – it’s about people, process and technology

Computing is hosting a half-day seminar in London on 18 March entitled Managing risk – it’s about people, process and technology.

Speakers include:
Marcus Alldrick, chief information security officer, Lloyd’s of London
Gary Murray, former MI5 and US government undercover agent
John Walker, director of the Information Systems Security Association
Ray Stanton, head of global security and business continuity, BT

For the full agenda, visit: www.computing.co.uk/2236129

Places on this exclusive seminar and networking event are limited and available on a first-come, first-served basis. To register your interest in attending, email lucy.tarbard@incisivemedia.com.
