Minimising the risk of change - Managing the IT Services Process by Noel Bruton

All changes to systems, methods and processes carry with them some element of risk.

All changes to systems, methods and processes carry with them some element of risk.

A change in one area may produce imbalance somewhere else, necessitating further change - for example, installing a group of computers in an office may suddenly increase network traffic in that area, thus decreasing the service to others in that area.

The practicality of any requested change has to be assessed in at least four aspects:

  • Technical feasibility (can it actually be done and do you really need the change?)
  • Supportability (user training, support staff training etc)
  • Risks versus benefits (is it worth taking the risks given the operational benefits the users and the business will receive?)
  • Cost versus return (the change will cost money, will it pay for itself?)

You must also have a contingency plan for unexpected change. The IT director cannot anticipate everything, and during the year there will be shifts in the business environment. For instance, the company's competitors could take the business by surprise or legislation may change.

Establish a formal mechanism for assessing the practicality of a request for change and approving or rejecting it.

This process should include: an approvals body to consider the change request; an examination of the business and technical issues posed by the change (by separate technical and business groups) and delegating work to an implementation manager.

Managing the IT Services Process by Noel Bruton is part of the Computer Weekly Professional Series, to order call 01865-474010 or e-mail

This was first published in June 2004



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:




  • Dissecting the Hack

    In this excerpt from chapter three of Dissecting the Hack: The V3RB0TEN Network, authors Jayson E. Street, Kristin Sims and Brian...

  • Digital Identity Management

    In this excerpt of Digital Identity Management, authors Maryline Laurent and Samia Bousefrane discuss principles of biometrics ...

  • Becoming a Global Chief Security Executive Officer

    In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, ...