Why finance and IT should buddy up on risk strategies

Rob Livingstone explains how finance and IT should approach risk and define risk strategies in today's volatile business environment.

Why should finance and IT be aligned on risk strategies?

How well do your organization's risk strategies adapt to the volatile, hyper-connected world in which we operate? Are your organization's risk strategies well coordinated enterprise-wide across the various departments and silos? How can you tell?

The management of risk should be intrinsic to the organization's overall business strategy, but it's more easily said than done.

A 2010 McKinsey & Company worldwide survey asked over 2,300 executives of multi-business companies how they approach the development of corporate strategy, and found that only 19% said their organizations had a distinct process for developing corporate strategy. Furthermore, the report states that "nearly a quarter think their companies should engage in corporate strategy development on an ongoing basis (as opposed to episodically), compared with only 8% who said they currently do."

Therein lies the challenge for enterprise risk management, be it financial- or technology-centric. Developing a high-value, resilient and adaptive ongoing enterprise IT risk management capability (or any other mission-critical function within the organization, for that matter) in the face of an ill-defined, outdated or poorly articulated business strategy is exceedingly difficult.

It should be noted, however, that enterprise governance and risk management models for finance have been around a lot longer than those for IT, and are far more mature and well understood. Whole libraries are filled with local and international accounting and finance standards, statutory compliance mandates, auditing processes and reporting frameworks for all types of industries, globally. A by-product of this legacy is that, for the most part, everyone in the organization understands the need for and works within these financial compliance, reporting and risk management frameworks. IT governance models, on the other hand, are still maturing, and might never fully stabilize because of the high rate of innovation and change inherent in digital technologies.

In light of this key difference, both finance and IT leadership cadres should ensure there is a common understanding of risk, in all its forms, and how it relates to the intrinsic value and viability of the entire organization. For that, both IT and finance cannot afford to be anything other than collaborative when it comes to understanding, articulating and implementing optimal risk models across the organization.

Bottom line:

For organizations to prosper in our unpredictable and increasingly competitive globally interconnected world, the processes associated with the identification, mitigation and management of risk at every level should be routinely tested for relevance, and validated as necessary to reflect the changing circumstances. Just like climbing Mount Everest, regular updates on the changing conditions should shape your risk strategies and plans. Failing to do so could be fatal.

About the author:
Rob Livingstone is a former CIO with more than three decades of experience in the corporate world. In addition to running his IT advisory practice, he is an author and commentator, providing authoritative, independent insights on a range of IT topics including emerging technologies, governance and IT security. Rob is the author of the book Navigating through the Cloud and is also a fellow at the University of Technology, Sydney, Australia, where he teaches leadership, strategy and innovation in the school's flagship MBITM program. Visit Rob at www.rob-livingstone.com or email him at rob@rob-livingstone.com.
