Separating IT and business risk will no longer work

News

Separating IT and business risk will no longer work

Cliff Saran

Treating IT risk as separate from business risk will no longer work, analysts will tell delegates at the annual Gartner Symposium in Barcelona this week.

Analyst Andy Kyte, who will be giving a presentation on managing risk, said the level of risk IT poses to the whole enterprise has changed as information systems have become core to business operations.

“IT is more intertwined in the processes of the business and business partners. Failures are bigger and more public than they used to be,” he said.

Kyte warned that compartmentalising risks leads to inadequate risk assessment and mitigation. With IT being absorbed and fused into most operational processes, Kyte said there has been a shift in management of IT from the IT department to internal business units and external business partners.

 This has created a gap where the process owners are not fully aware of the information and IT risks embedded within their operations, said Kyte.

“Technology has fundamentally changed business process, yet in many cases we have failed to adapt our risk management strategies to account for these changes,” he added.

IT is now a critical component of a company’s ability to perform adequate risk and compliance management. Companies can no longer afford to relegate security to a line item on a balance sheet, Kyte said.


He added, “Gartner believes you can manage the complex risk down to acceptable levels with an integrated risk management approach across IT, across operational risk and ultimately, across your enterprise.”

Gartner symposium >>


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy