The top line finding of the survey of 1,077 IT executives in 22 countries is that a focus on IT cost and time has increased IT business risk. As a result, change management was not being implemented effectively.
Mercury says that IT business risk differs from conventional definitions of IT-related risk, which focuses on security threats from viruses and hackers, and disasters from fire or terrorism. Instead, it regards IT business risk as referring to risks arising from the failure or under-performance of a company’s IT systems that result in negative business outcomes.
The survey suggests that two fifths of firms in Europe believe that IT business risk is not managed in a coordinated way, in their company. For the UK, this feeling applied at a third of firms. Just over half of all European firms believe that no more than 50% of IT initiatives in the past two years have had positive business outcomes.
According to Mercury UK and MEA head James Stevenson, there is an important lesson for UK firms. He says, “when assessing the impact of risk at UK firms, there seems to be a greater focus on cost rather than thinking that if a project doesn’t go well, what’s the potential impact on revenue or on our customers.”
To address such concerns and reduce IT business risk, Mercury advises that firms automate change control. It says that firms should deploy technology that manages all change requests in a single system of record; get full visibility of all change impact and collisions; make change decisions and approvals based on business impact; track and audit all change requests, decisions and deployments; manage changes from request through deployment