Global CIOs: What Keeps Them Up At Night?

3/21/2012

By Jane Zamarripa

According to a recent survey of over 3,000 global CIOs, it’s risk management. In the financial and banking industries, where personal and financial data from daily transactions abound, this concern is particularly pronounced: 80 percent of CIOs in finance and banking list risk management as an area demanding greater attention. What changes in the current business environment prompted this shift, and what factors are organizations considering in adapting their current risk management strategies?

On February 29, 2012, the Global Enterprise Technology (GET) Program hosted Bill Barrett of Ernst & Young’s Americas Financial Services Office to address such questions in a lecture on managing IT risk. The event presented a unique opportunity for students to gain insight from an IT risk professional with experience on the front lines advising the world’s leading global financial institutions.

A few lessons we learned from Bill….

Changing Environment & Emerging Risks

Attacks on customer databases and company websites. Surges in employee usage of social media. The introduction and adoption of mobile technologies. Each of these factors is expanding the IT risk universe, and as a result, complicating the task of managing IT risk. 

The trends listed above are difficult to ignore. They command attention from organizations due to the significant press coverage they generate, yet CIOs must also stay attuned to developments in the following areas:

  • Growth in the “global” business model and resulting trends in outsourcing and reliance on third-party vendors
  • Increased need for information innovation and technological change, driven by virtualization, mobile computing, and cloud computing
  • Expansion of regulatory requirements
  • Greater inquiries from board and audit committees on information risk
  • Customer concerns on protection of financial and personal information

Identifying Risk

Identifying risk should boil down to one question: “What can potentially go wrong?” In answering this question, it is important for organizations to consider their stock of IT assets, from information, people, and facilities, to the network, hardware, and software.

Proper risk assessment requires consideration of possible risk in three areas: financial, reputational, and regulatory and legal compliance. Developments in one area have ripple effects in the others. Failure to comply with federal financial regulations, for example, may leave sensitive financial data vulnerable to attack. 

Source: The Evolving IT Risk Landscape: The Why and How of IT Risk Management Today (Ernst & Young Report 2011).

Goals of IT Risk Strategy

Risks, once identified, can only be mitigated or managed. They are seldom eliminated. It will be important for organizations to implement risk management strategies that reflect their unique prioritization of risk, while maintaining a balance between managing proactively and reactively.  

Employee involvement is key. Managing information and technology risk is the shared responsibility of all members of an organization. Employees at all levels, whether on the first line or in the C-level suite, each have a role to play, and their understanding of risk and participation in strategy implementation are critical.

 

Can you think of other changes, societal or technological, affecting the IT risk landscape? As CIO, how would you prioritize the risks outlined above? Tell us your thoughts in the comments section!

Jane Zamarripa is a first-year master’s student in the Information Management program at Syracuse University. As a result of her experience working as a constituent services representative, she is passionate about exploring the ways in which technology can be leveraged to improve citizen interaction with government. She holds a B.A. in International Affairs from the George Washington University in Washington, D.C.


