Treating IT risk as separate from business risk will no longer work, analysts will tell delegates at the annual Gartner Symposium in Barcelona this week.
Analyst Andy Kyte, who will be giving a presentation on managing risk, said the level of risk IT poses to the whole enterprise has changed as information systems have become core to business operations.
“IT is more intertwined in the processes of the business and business partners. Failures are bigger and more public than they used to be,” he said.
Kyte warned that compartmentalising risks leads to inadequate risk assessment and mitigation. With IT being absorbed and fused into most operational processes, he said, the management of IT has shifted from the IT department to internal business units and external business partners.
This has created a gap where the process owners are not fully aware of the information and IT risks embedded within their operations, said Kyte.
“Technology has fundamentally changed business process, yet in many cases we have failed to adapt our risk management strategies to account for these changes,” he added.
IT is now a critical component of a company’s ability to perform adequate risk and compliance management. Companies can no longer afford to relegate security to a line item on a balance sheet, Kyte said.
He added, “Gartner believes you can manage the complex risk down to acceptable levels with an integrated risk management approach across IT, across operational risk and ultimately, across your enterprise.”