So, What Is ERM?
A good rule of thumb in IT is that the number of definitions for a concept rises proportionately to the concept's buzz. ERM, for which we collected no fewer than a dozen definitions, is no exception. We'll use James Lam's definition.
Lam is an author and consultant who says he was the first chief risk officer at any company, a position that he pioneered at GE Capital. ERM, he says, is "the integrated management of business risk, financial risk, operational risk and risk transfer to maximize a firm's shareholder value". That is, making a company more profitable by creating a single view of all risks, internal and external, and an executive-level management strategy to deal with those risks.
Some principles underlying Lam's (or anyone's) definition of ERM include:
1. An integrated view of risk. IT, HR, finance and every other "silo" uses standardized language, metrics and tools. Many finance departments already have processes for managing risk, so it's possible that such standards will come from there. Meanwhile, Bill Sharon, CIO of advertising agency McCann Worldgroup, has borrowed heavily from a risk system developed by Nobel Prize-winning psychologists, as described in the book Against the Gods: The Remarkable Story of Risk, by Peter Bernstein.
2. A pan-corporate view of risk. ERM is not collecting each silo's risks to its own silo. It's collecting each silo's risks to each other and the company. When Sherry Higgins took a position at the FBI to lead its IT modernization effort, called Trilogy, one of her first acts was to install an enterprise risk framework. Almost immediately, she realized her first deadline was only four months out and unrealistic. "The risk to the project was obvious," Higgins says. "But I was looking at the risks to the FBI. What does that mean for intelligence analysts not getting these systems on time? When you go to [the US Congress] and deliver this news, what does that mean to funding for the FBI as a whole? The goal of ERM is to get at these risks that span stovepipes or fall between them."
3. A bottom-line view of risk. Risks always get expressed in terms of their potential impact on the business as a whole, not in terms of their impact on any given silo. When Higgins decided she needed to hire professional project managers for Trilogy, she had to sell FBI Director Robert Mueller on that. She didn't focus on the potential for the project to fail. She sold him by explaining that the FBI ran the risk of being unable to do its job.
4. A risk office's view of risk. In a growing number of companies, ERM is facilitated by an executive-level risk office that provides the expertise and resources you don't have the time or money to acquire. Many risk experts argue that if you don't have a risk office, you're not really doing ERM.
The CIO's role is the same as every other silo leader's role - to identify risks within the department and, by collaborating with leaders from other departments, to identify risks across business units. It is a support role to the risk office but a critical one. While most risk officers are fluent in financial risk, they are counting on you to identify operational risks related to IT.
5. A longitudinal view of risk. Risk is an ongoing behaviour, not a regularly scheduled process.
This stuff isn't new. Risk management hails from a lineage of related, proven practices. ERM's uncle is the quality management movement of the 70s, when manufacturers adopted quality standards that in turn led to better products. ERM's grandfather is Nobel Prize-winning game theory, a mathematical system for optimizing decisions in a competitive setting. Its principles govern risk methodologies today.
You've probably done a little bit of risk management at the project level. In a way, ERM is the same thing except, in this case, your company is the project. What is new about ERM is the breadth of its vision. ERM's idealistic goal - to unify risk management across an entire company - makes it a daunting undertaking (and so far, a rare one). George Westerman, a research scientist who is studying ERM in relation to information technology at MIT, says that in its current state, ERM reminds him of what someone once said about e-commerce in the 90s: It's like teenage sex. "Everyone wants to be doing it. Everyone thinks everybody else is doing it. Not many people are actually doing it, and no one is doing it particularly well."
"The topic is so big and scary," Westerman says, that people decide not to try. However, he adds, "It's so important to just get started."
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Everything you need to know about email and web security (but were afraid to ask)
Data grids and service-oriented architecture
Solve Exchange Mailbox Storage Issues Once and for All
Controlling storage costs with Oracle database 11g
Gaining Competitive Advantage Through Enterprise Planning
Taking On Demand CRM Integration to the Next Level
Making the Business Case for IT Consolidation
Wireless LANs: Is my enterprise at risk?
Zones provide focussed content from CIO and leading technology partners.- White PaperLearn to tie virtualized computing to virtualized storage, to offer a dynamic set of capabilities within the data centre and create improved performance and system reliability. Discover how best to utilize EMC Celerra in a VMware ESX environment.
- White PaperJoin industry expert Bob Spurzem and Chuck Arconi of Fox Hollow to discover how to reduce Exchange total storage and keep it at a manageable level. Learn how Exchange storage growth can be contained without sacrificing security and accessibility.
- White PaperJoin industry expert Martin Tuip to discover best practice strategy for the archival and removal of .PST files using email archiving. Learn how to ensure long-term email records are there when needed, and reduce the risk to your business and clients.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
CIO Live Podcast #79: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires Part II 05 October, 2007 06:00:00
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #78: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires 28 September, 2007 17:34:25
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #77: Panasonic Speeds Up Trans-Pacific File Transfers, Part III 21 September, 2007 07:00:00
Part three in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #76: Panasonic Speeds Up Trans-Pacific File Transfers, Part II 14 September, 2007 07:00:00
Part two in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #75: Panasonic Speeds Up Trans-Pacific File Transfers, Part I 07 September, 2007 07:00:05
Part one in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance.
- +
TJX Maxx hacker banged up for 30 years 09 January, 2009 11:26:00
Key figure in the infamous TJX Maxx Wi-Fi hack of 2005 has been sentenced to 30-years in prison by a Turkish court.Maksym Yastremskiy, the Ukrainian accused of being a key figure in the infamous TJX Maxx Wi-Fi hack of 2005, has been sentenced to 30-years in prison by a Turkish court. - +
Data breaches rose sharply in 2008, says study 08 January, 2009 08:27:00
More than 35 million data records were breached in 2008, according to the Identity Theft Resource Center.More than 35 million data records were breached in 2008 in the U.S., a figure that underscores continuing difficulties in securing information, according to the Identity Theft Resource Center (ITRC). - +
Rogue SSL certificate exploit puts VeriSign on the spot 07 January, 2009 11:04:00
Wishes "white hat" researchers had notified VeriSign before public demo.Following the success of researchers last week in creating a false SSL certificate based on VeriSign's RapidSSL brand, the company is scrambling to explain how it happened, how it's preventing it from reoccurring, and whether its other SSL certificate-generation services are at risk. - +
With Gaza conflict, cyberattacks come too 05 January, 2009 08:03:00
Pro-Palestinian hackers have defaced thousands of sites following attacks in Gaza.The conflict raging in Gaza between Israel and Palestine has spilled over to the Internet. - +
5 ways to secure your Blackberry 18 December, 2008 12:58:00
What do Tom Cruise and the McCain campaign have in common? They have both been bitten by the loss of a Blackberry. Mobile expert Dan Hoffman gives advice on how to keep your cherished mobile device safe, even if it's out of your handsWhat do Tom Cruise and the McCain campaign have in common? They have both been bitten by the loss of a Blackberry. Mobile expert Dan Hoffman gives advice on how to keep your cherished mobile device safe, even if it's out of your hands.
IT industry veteran advises caution on outsourcing selection in light of Satyam problems 09 January, 2009 21:45:00
Research software developer appoints Susan Dart to new Business Development Director role 08 January, 2009 09:08:00
Research software developer appoints Susan Dart to new Business Development Director role 08 January, 2009 09:08:00
Anyware Introduce Two Powerful PCI TV Tuner Cards with S5 Power Up and Windows Media Center Remote 07 January, 2009 17:30:00
Fortinet Cures Mobile Phone “Curse of Silence/CurseSMS” Attack 07 January, 2009 16:30:00
|
||
|
||
|
|
||
|
Data grids and service-oriented architecture
When choosing an SOA strategy, corporations must ensure data availability, reliability, performance and scalability. A data grid infrastructure, built with clustered caching provides a framework for improved data access that can create a competitive edge and sustain customer loyalty. Read on to discover how this can be created within your organisation.
