
If IT's a Crapshoot: How Much Are You Willing to Risk?

Operational risk is moving well beyond companies' walls as organisations look to increase operational efficiencies in their supply chains through increased transparency with partners.

There's a common thread that runs through the 1984 Bhopal chemical factory disaster, the rogue trading of Nick Leeson a year later, the collapses of Ansett in 2001 and HIH in 2002, and the mass recall that recently engulfed Pan Pharmaceuticals.

No, it is not just that they all made it to the top of national news agendas and stayed there for weeks or months as the reputations of the affected companies got serially hammered. They are also all stark examples of gross failures in operational risk management.

The notion of operations risk has had currency since the Committee of Sponsoring Organisations of the Treadway Commission (COSO) coined the term in 1991. Nick Leeson kicked it along in spectacular manner after his rogue trading activities caused the collapse of Barings Bank, and he has been a poster boy for advocates of operational risk management ever since. But now CIOs in a range of industries are being forced to take operations risk seriously, pushed along by the June 1999 reforms of the Basel Committee on Banking Supervision requiring banks to reserve capital to cover their operational risk exposure and fostered by the new sense of vulnerability exposed by the September 11, 2001 terrorist attacks on New York and Washington.

"I think operational risk has always been there, but for financial services in particular [September 11] brought home that things happen that can severely disrupt the business," says Kevin Pleiter, industry leader, financial markets/risk and compliance, consulting services, IBM Global Services. "Managing risk ultimately comes down to your obligations to your shareholders, and at the end of the day, it's your obligation to shareholders to demonstrate that the business that you run is sustainable, and that the profitability of the company is sustainable."

But having recently relocated to Australia after 10 years in the UK and US, Pleiter is highly critical of the "naivety" of the many Australian businesses which have proven slow to accept that a September 11 or any other catastrophe could happen here, and says the response of many businesses has been far too reactionary. The Australian Prudential Regulation Authority (APRA) has made it clear that operational risk, major IT projects, strategic outsourcing and many other major impacts on the operation side of the business will be a keen focus into the future, and CIOs have to adjust to that fact.

Too many organisations have their "heads in the sand", Pleiter says, and whether it's based on ignorance or avoidance (or both) it's dangerous because ultimately "operational risk and the catalyst to actually do something shouldn't be a reactive thing".

He says although it is hard to point to companies doing a good job on operational risk, there has been a revolution in thinking, at least in the financial services companies, where there is growing internal awareness of the value in focusing on operational risk. But he says progress will not really be made until organisations undergo a cultural change where lines of business begin to realise that good operational risk management is good business - not just from the standpoint of their reputation, but also for operational efficiency reasons.

"It's a journey that certainly has a long way to go, but from some of the discussions that we've had most recently, we're starting to see that there is certainly some decent degree of encouragement. I think people that are championing it internally within organisations are certainly becoming very encouraged by the simple fact that some of the understanding and the change that is necessary is starting to happen, because the knowledge is being built up, the intelligence internally is being built up, which is then enabling people to make those decisions."
