There is no doubt that recent advances in information technology have created exciting opportunities for many organizations to increase productivity, introduce innovative products and services, and enter new markets. Increases in IT capabilities, coupled with the reduction of hardware and software costs, will provide even more opportunities in the next few years.
With such an increased dependence on IT capabilities, organizations face a higher level of risk exposure from their IT systems. Interruptions to IT availability, data corruption and security breaches can have a serious and adverse impact on any organization’s operational capability and financial health.
Recognizing the importance of IT systems to the well-being of an organization is a critical first step. Managers can then devise a simple approach to address IT risks in a more effective and sustainable manner. Analyzing potential IT risks along the following four dimensions enables managers to better assess such risks and devise practical solutions to address them:
There has not been a shortage of IT security breaches recently. Companies of all sizes and across all industries have experienced them. IT security issues range from internal concerns such as unauthorized access to sensitive data by employees and the introduction of worms and viruses through downloads to the theft of confidential business data. External security issues range from hackers and worms to denial of service attacks.
An effective security plan encompasses periodic user password changes, ongoing user and IT training on the latest security practices and the establishment and verification of effective user rights and privileges for application and information access protocols.
External security solutions can range from conducting periodic intrusion detections and traffic monitoring to maintaining updated firewalls, the use of encryption technologies and updated information access platforms.
Not having the right hardware and software systems will result in increased IT risks. Outdated hardware platforms that lack proper support lead to increased downtime and expenses for the organization. Outdated software systems introduce security holes to the organization because updated patches are not available. Poorly fitting software applications, even if they have been updated, result in the creation of workarounds such as the increased use of spreadsheets and other offline recordkeeping methods, which can in turn lead to errors and quality issues.
To minimize such risks, organizations should update their key hardware and software components on a regular basis and should move away from outdated and poorly supported platforms. It is important to establish budget allocations for hardware and software upgrades to ensure such risks are minimized. Additionally, using proven application selection and implementation approaches, coupled with continuous monitoring of key business processes, will help reduce IT risks from poorly selected and implemented business applications.
As operations are typically so highly dependent on IT availability, it is critical to have plans in place in case IT systems are not available or functional. Many organizations look at business continuity as having backups available for data restoration. The ability to successfully restore backups is important, but it is only a small portion of the overall business continuity framework.
An effective business continuity plan addresses a wide range of IT and non-IT elements, from computer systems to office facilities, in case key aspects of the organization are not available because of an unforeseen disaster. Recent advances in cloud technologies are starting to offer many innovative IT-enabled business continuity capabilities for organizations. Not having a plan in place that has been updated and tested on an annual basis poses substantial risks to an organization.
Nothing is worse than having invested in IT capabilities but then not being able to get the right data at the right time to make good decisions. Low-quality data, data errors resulting in multiple versions of truth and lack of standardization across departments can all lead to errors affecting decision-making processes and can result in increased organizational risks.
Effective data management practices can substantially reduce organizational risks by providing decision makers with timely, accurate and relevant information to manage more proactively. Organizations with poor data management practices are not able to take advantage of recent developments such as dashboards and performance management tools because such tools are only effective if their underlying data elements are accurate and updated in a timely manner.
In summary, an effective IT risk management system should not be simply looked at as a necessity but rather as an opportunity to minimize risks and enable the organization to grow and prosper through increased productivity, process capabilities and better management decision making.