The Value of IT Risk Management – Live from Gartner Security and Risk Management Summit
John Kelly 270004J7VQ firstname.lastname@example.org | | 0 Comments | 117 Visits
Rising from the banks of the Potomac in National Harbor, Maryland, the Gaylord National is an engineering marvel which provides a scenic venue for the 2010 Gartner Security and Risk Management Summit. I attended an intriguing session by Richard Hunter, Gartner vice president and distinguished analyst in which he described the value of IT risk management.
Hunter recently published a book titled, “The Real Business of IT: How CIOs Create and Communicate Value” which is co-authored with George Westerman of MIT. As part of the research for his book, Hunter conducted a survey of CIOs from 2006 to 2009 on IT Risk management. One of his takeaways from his research is that the business context for the value of IT can be summed up as:
IT grows business, continued Hunter, by ensuring “capacity and capability and providing the ability to conduct business in a certain way.” In others words, he explained, it supports someone else’s profit and loss. The third value (transforming the business), is about “enabling new value propositions for new customer segments.”
He recommended IT organizations take the following steps to show value:
A very common theme at the Summit is supported here in that “performance should be defined in terms of business outcomes and performance, not IT performance.”