Guest post written by Mike Duensing
Modern IT departments must navigate through a multitude of dangers, everything from data breaches and insider threats to the proliferation of user-provisioned technologies and the growth of unstructured data. These risks can delay progress, result in data loss, or create significant challenges in managing the applications and data. Uncertainty is the only guarantee.
CIOs, CEOs and corporate boards understand the importance of creating risk management plans. But given recent high-profile technology problems like security breaches at RSA and Sony or Walmart’s Black Friday website performance issues, it is clear that many organizations still struggle with helping team members interact, identify and put risk management processes in place that protect the business from internal and external threats.
I’ve adopted a “keep your friends close and your enemies closer” approach to managing risk: By proactively identifying and understanding the underpinnings of a risk, it can be confronted head-on. Surfacing real risks and then providing actionable tasks within a larger project demystifies the issue. It is no longer swept under the rug or relegated to another line item that never is properly resolved. By involving others in the process, creating accountability for understanding the root cause, and designing an action plan to resolve each risk, every team can hold the keys to successful risk management.
Comprehending things that are potentially harmful to you is something Gever Tulley discusses during his TED talk “5 dangerous things that you should let your kid do.” Directed towards parents, the discussion is applicable to many things that involve risk, including IT. One of his points is that you can’t properly manage anything potentially dangerous without interacting with it and developing a thorough understanding of what makes it risky. Likewise, if performance is an issue in your IT infrastructure, you must simulate, interact with and understand any contributing factors that could cause problems in order to know how to mitigate them.
Developing a repeatable, actionable risk management plan for your entire organization is best accomplished by creating a template that can be reused in every project. You can then operationalize the plans with a collaborative platform so that all team members can participate in the process. This allows for more effective and thorough capturing of risks, mitigation ideas, dependencies and action plans from any location. It can also be quickly adjusted as variables change. The template should enable a dashboard view to chart progress and alert managers to the health of identified issues. If you’re interested in developing and deploying such a risk management plan within your organization, there are a few points to keep in mind:
- Make it noticeable: Risk is an unseen, omnipresent player in every project. Regardless of your level of tolerance, ensure that your team calls out all concerns and addresses them accordingly. To do this, you should discuss all areas of risk and their associated attributes. You can then capture the collective thinking and make it accessible to the entire team in an information map or a shared team document.
- Make it scalable: No company is immune to risk, regardless of size or stature. In fact, the consequences may even be inversely proportionate, as smaller firms don’t have the resources to shift, should something major arise (if you’re a small company with seasonal products and your site goes down during a short selling window, for example). It’s critical to select tools that are adaptable to any kind of project.
- Make it measurable: Treat risks as projects, making each one actionable by assigning tasks, accountable resources and due dates against it. Collaborative social task management tools are great for this, as they provide a real-time advantage over static list-based solutions that simply track progress. Checkpoints are also crucial for keeping everyone on track and for allowing managers to better assign resources and direct timelines for driving mitigation.
Now that you’ve got a good handle on what you should be doing to help mitigate risk within your organization, there are also a few things to try to avoid during the process:
- Don’t set and forget: Risk isn’t static; address it with an action plan, accountable owner and target resolution date.
- Don’t go it alone: There is indeed strength in numbers; leverage the collective wisdom of the team to both identify risks and find a solution that also addresses the issue of scale. Provide collaboration tools to support the team’s efforts; these platforms allow all team members to go in and update status, providing a more agile way of approaching a project.
- Don’t go too far in the other direction: Know “when to say when” in terms of gauging the potential impact of risk. Freezing projects is not always an option. There are acceptable amounts of risk, so decide among your team what the tolerance level is, keeping in mind that it will vary from project to project, region to region, etc.
Think of IT teams as the physicians in charge of the health of your business technology. The tips outlined above are preventative medicine to understand the underpinnings of potential issues and facilitate superior future-proofing and successful risk management of your technology. Just as doctors are constantly learning more about conditions that are harmful to the body and taking action to resolve and track progress, IT departments require similar tools that allow for a more collaborative approach to managing and mitigating risk. Visualization tools can help provide smoother, more predictable risk management, avoid costly consequences and ensure that IT dispenses well-being to the entire organization.