Management needs better understanding of business risks due to IT failure
1 min read
Manufacturers are too blind to the business risks of IT failure – even to the potential impact on their companies’ operations as a result of changing or updating aspects of their IT. Brian Tinham reports
Manufacturers are too blind to the business risks of IT failure – even to the potential impact on their companies’ operations as a result of changing or updating aspects of their IT.
That’s one of the key findings of a study carried out by business technology analyst firm Mercury in conjunction with the Economist Intelligence Unit, entitled ‘The business risk from IT’.
The full stats are due for release early next month, but the survey indicates that one of the reasons for the oversight is management pressure on IT departments to respond to issues like governance or mergers and acquisitions, so that risk reviews get squeezed.
Another is companies’ failure to recognise the difference between straight IT risks, like security threats or disaster recovery issues, versus business risks form ‘normal’ IT operations.
Mercury Interactive – which started life as an IT performance test systems vendor but moved into IT governance and change and portfolio management with Oracle spin-off Kintana – says its survey reveals IT executives believe that supply chain and logistics operations are the key potential risk areas.
Neil Macgowan, director of technology for Mercury UK, says: “Our research shows that it’s going to get worse because companies are introducing bigger risks. Think about SOA [services orientated architecture] and business security issues.”
He sees five keys to preventing business crises due to IT failure: investing in proper project management, SLA (service level agreement) management, formal change management, security teams and IT demand and portfolio management.
“Change management, for example, should impact everything: quality, performance testing, managing the process of change. Traditional approaches like help and service desks aren’t enough: they’re reactive and can create more problems through ineffective analysis and management.
“The Mercury change control solution allows you to manage IT change by providing a single system of record that integrates with popular service desk solutions like Peregrine and Remedy, and has the ability to analyse requirements using application mapping.
“That means we can do impact analysis at the advisory board level, and help them to look for solutions… So if they need to modify a patch on an Oracle database, we can see which applications use it, and what business processes and services are being delivered by it – and so the business risk of, for example, patch processes being unavailable for 24 hours.