Risk management entails more than high-profile issues like data breaches. Smaller, less obvious risks can be just as damaging to your organization.
CIOs spend hours reviewing risk management. Prominent areas of concern include disaster recovery, data breaches, and the financial viability of certain technology strategies. But there are a number of less obvious issues that IT typically overlooks — and the negative consequences of doing so can be significant. Here are some of those under-the-radar risks.
1: Storage media
A considerable amount of IT data is stored on tape in regular backup processes that could ultimately be needed for a disaster recovery — but many small and medium-size businesses don't regularly clean tape media or ensure that the environmentals (temperature, humidity) for tape are proper. In an emergency situation, these sites could find that their tapes are unreadable. Taking care of your slow-moving "out of sight, out of mind" storage media is important.
2: Loss of a key staff member
IT leaders understand who their key contributors are, but they still underestimate all the "little things" these major players do day-in and day-out. It is only when a key contributor unexpectedly leaves employment with the company that managers see the skills they are missing and understand that they must now manage without this critical expertise. Knowing your options in advance of these situations better positions you to deal with them.
3: IP security and malicious attacks by IT'ers
IT dedicates time to implementing security for outside malicious attacks, and legions of lawyers ensure that a company's intellectual property is protected. But attacks from the inside are usually unanticipated. A disgruntled IT employee is in a privileged position and can severely compromise a company's information and protected assets. Carefully screening employment prospects before you hire them can help to avoid this. So can situations of "dual control," where you have at least two IT staff members assigned to high data security areas.
4: Vendor support for multinational operations
For CIOs heading multinational organizations, selecting an IT solution that works in every country can be risky, even if there are no issues with how the solution itself works. The reason? IT vendors often have inconsistent service and support levels from one country to the next. For instance, a solution that is well supported in Holland might have only a skeleton support staff in Italy. When looking at a multinational IT solution, each vendor's in-country support and service (as well as its solution) should be vetted in the process.
5: Commercial bandwidth availability for cloud
Cloud solutions are great. But if commercial telecommunications can't consistently deliver bandwidth that can handle cloud access and download demands, your purpose could be defeated. This is especially true for companies looking to run large big data payloads through the cloud. Bandwidth should be a front-page issue with all prospective cloud services providers.
6: Acquisition of a key vendor/loss of a key vendor account manager
A great working relationship with an important vendor can quickly go south when either your key account rep at the vendor leaves or the vendor is acquired by another company that doesn't have the same strong service culture. One way to manage risk in this situation is to always write your vendor contracts with an "out clause" in the event there is a change of management control with the vendor.
7: Silos that can affect communications and problem solving
IT is a discipline of many different specialties. Each of these specialties requires its own engineers and experts because the science of IT is complex and it's impossible for an IT generalist to handle all of it. The flip side is that each specialty can become a silo of activity, without effective communications outward to other areas of IT. In the course of a day, IT leaders can forget this. They shouldn't — because missed communications heighten project risks.
8: Interpersonal skills
Since IT is a technical discipline with specialists often conversing in acronyms, IT pros may forget to speak in plain English when they're working with end business users. Technical shop talk can quickly intimidate users, conveying an impression of IT arrogance. When this happens, progress in business is set back, and that creates risk.
9: Black box code
There are businesses that have been running the same custom-developed code for more than 40 years. It works flawlessly, and it's a good thing it does... because there's no one left at the company who knows what's in the black box code or how to modify or fix it.
10: End-user deals with IT vendors
End users continue to make deals with IT vendors for departmental IT applications and solutions without verifying that what they buy is compatible with other software and hardware. It doesn't matter — until there is a need to integrate this solution with other systems. That's when IT gets called into a meeting. The risk of an incompatible solution must be managed. It can best be handled with a corporate-wide policy that gives IT an opportunity to review a proposed IT solution before a contract is inked.