Managing IT risk in today's cyber economy is a high priority. New standards and regulations focus on operational risk management – weighing risk against reward and building in systems and procedures to try to reduce or eliminate risk.
However, risk management in IT, as in any other area, centres on people and the decision-making process. The ultimate question, then, is whether an individual IT manager is by nature the right type of risk taker for that role. To answer this, we need to consider two important aspects of human psychology.
First, perception of risk can be highly subjective, even irrational, and is easily influenced and distorted by a variety of factors. Second, people are not only the victims of risk and hazard, they are a very important part of the cause.
It's probably safe to say that, by virtue of the variability of our species, we would all be a liability within one context or another. Anxious, dithering drivers can be almost as much of a risk as those who are reckless.
The cerebral professor may make a very unreliable assembler of flat-pack furniture and the successful fighter pilot may prove a liability when it comes to any detailed or routine tasks.
Everyone is by their nature a risk in one context or another, and there are plenty of examples in which the disastrous risk taking of one individual ruined lives, businesses and institutions – ask anyone who worked for Barings Bank until Nick Leeson blew it all away. Whatever the task in hand, the management of human risk is all about ensuring that the appropriate people, or the appropriate combination of people, are drafted in to deal with it.
High levels of creativity and individualism are distinctive features of the IT sector and innovation inevitably involves risk. Risk is therefore a necessary ingredient of success here just as it is in any other area of enterprise. We certainly need the risk takers, but there is always a tension between taking a chance and playing it safe and we are wary of the potential downside. Regulation and best practice frameworks are obviously important moderating influences, but the dilemma is that total elimination of risk could also stifle innovation, so operational risk management needs to appreciate the nature of the beast.
Personality determines whether, deep down, we are anxious or reckless, optimistic or pessimistic, trusting or wary, organised or spontaneous, thrill-seeking or cautious. All these personality factors contribute to our risk type. They reflect our true nature and set the baseline for our capabilities. When the pressure is on, we revert to risk type.
Geoff Trickey is managing director of The Psychological Consultancy
Are you a natural IT risk taker? Find out by taking a free risk test.
Computer Weekly has teamed up with the Psychological Consultancy to research the risk types within IT. We are offering you the opportunity to participate in a profession-wide risk type survey and for you to learn about your own risk type. Participants will receive their own confidential Risk-Type Compass report. The combined data, which will be reported in Computer Weekly, will provide us with a unique picture of our industry.
1) Click here to go to test page
2) Choose Online Assessments
3) Enter access code: COMPUTERWEEKLY
4) Follow the on-screen instructions