Technology
The value of techs' education
by Peter Bartram

Directors who rely on those nice folk in the IT department to keep their computers running could be in for a nasty shock. A new report, IT Risk—Closing the Gap, argues that the boffins aren't usually very good at explaining to the board where IT risks may lie. "Boards, in particular most non-executive directors, simply don't have inherent practical experience of IT risk," says Grant Waterfall, partner of risk assurance services at PricewaterhouseCoopers (PwC), which researched the report for the Institute of Internal Auditors.

"This means they're unlikely to understand the full extent of the risks and opportunities that technology presents to their companies," he adds.

And smaller companies appear to be more vulnerable, according to recent research by insurance firm NIG, with little IT support and no disaster recovery plans in the majority of cases.

There are 11 different kinds of IT risk, according to the research (see below). The most common of these is failing to manage large projects successfully. For example, three years ago, Penguin Books' distribution system almost collapsed when the company opened a new computer-controlled warehouse at Rugby.

The systems didn't work properly and staff ended up picking orders for the Christmas rush from a temporary marquee in the car park. Penguin's chief executive, Anthony Forbes Watson, left the company shortly after the debacle.

IT risks that can damage a company seem to lurk almost everywhere. With many organisations spending more than ever before on IT, it's not surprising that directors are getting nervous.

Waterfall advises companies that rely heavily on IT to make sure they have a tech-savvy director on the board in either an executive or non-executive capacity.

IT professionals should learn to speak management's language while directors must work more closely with IT to identify and manage the risks. "Assessing risk is a team game, bringing together IT professionals, who understand the technology but not necessarily the impact that has to be managed, with business managers, who lack the technical background but can draw out the implications."

First 11: the primary areas of risk

IT projects: they're getting bigger and more complex. A quarter fail and half are over budget.

IT resilience and continuity: when computers crash, so might the business—57 per cent of all business disasters have an IT dimension, according to the London Business School.

IT governance: managing IT poorly could cut profits by 25 per cent, according to a Massachusetts Institute of Technology study.

Data security and privacy: leaking customer details can mean bad publicity and a rap over the knuckles from the Information Commissioner.

Business systems: updating application software might seem a good idea but could create control loopholes.

Data quality risk: get details about customers badly wrong and they're likely to move to a competitor.

IT compliance: failing to comply with IT standards may mean systems work inefficiently—or not at all.

Global IT: they do it differently overseas—which may mean there are risks you don't even know about.

Emerging technology: cutting-edge sounds great until you realise that new equipment doesn't always work smoothly.

IT sourcing: outsourcing to India cuts costs but customers might complain they can't understand what call-centre operators are saying.

Asset management: not knowing what computers and software you've got is a problem—especially if some of it's not properly licensed.

Source: PwC

© 2009 Director Publications