Posts Tagged ‘risk’

Say Hello To Your Next Monster IT Project: GRC

Thursday, April 8th, 2010
Screw Up A GRC Project And You’re Gambling With Your Career

As IT Leaders we are always looking forward to our next challenge, the big project that looks impossible at the beginning, but which through our superhuman efforts turns into a technical and business success story. This is all great, but we do need to be careful because there’s one big project out there that could do us in – governance, risk and compliance (GRC).

Looks Like You Need A Strategy

When they come looking for you to work on the company’s GRC project, I don’t want to say that you should start running in the other direction, but you should at least be careful about what you agree to. A GRC program gets started when the company finally wises up and realizes that they need to use their IT systems to manage governance, compliance, and regulatory issues. If this sounds straightforward, it isn’t.

Our world is filled with lots of compliance requirements depending on what business your company works in: Sarbanes-Oxley (SOX), Health Insurance Portability and Accountability Act (HIPAA), etc. However, this is just the tip of the iceberg – there’s a lot more where those came from.

If this project is going to be successful, you’re going to need to have a strategy. This will not be an IT-only project, it’s going to take both IT and the business working together to do it correctly.

Why Is GRC So Hard To Do Right?

What sounds simple on the surface quickly turns complicated when you start to dive into the details. The two areas that seem to create the most conflict for IT Leaders are creating rules and privileges that determine who can access what information, and agreeing on where company data will be stored.

From an IT point-of-view, one of the most important things that you can do is to take the time to actually identify the owner of each part of the company’s data set. Once you know who owns the data, you will have found the right person to make decisions about what to do with and where to store that data.

The Four Types Of Risk

As you undertake a GRC project, you need to keep in mind that not all risk is created equal. The four primary risk challenges that you’re going to end up dealing with include:

  • Business Risk: These are the risks that could bring the business to its knees. They can include risks to things such as the products and services that it sells, and any intellectual property or critical business records that are used to create / deliver products. The ultimate source for identifying what business risks you have to worry about needs to come from the business side of the house.
  • Technology Risk: There is no way that you can possibly protect all of the company’s data and so that means that you need to do some prioritization. This is the kind of information that you are going to need to have in order to be able to build the right infrastructure and determine just exactly how to protect the data that needs to be protected.
  • Legal (or Regulatory) Risk: Since the legal regulations that apply to your business can be changing all the time, this area can be challenging to stay on top of. The most important thing that you can do is to establish clear processes and procedures that line up with the existing regulations. The ability to show that you are compliant is key.
  • External Risk: These are the threats that get the most press and so we generally do the best job of dealing with them. The most important thing to remember is that outsiders generally are trying to get their hands on your company’s data and so you’ll want to make sure that you secure what you have and properly dispose of what you no longer need.

What All Of This Means For You

Are you up for a major IT challenge? GRC is becoming a hot topic in IT and sooner or later they will be coming to you and asking you to help implement the company’s GRC project. You need to be ready.

The biggest challenge presented by a GRC project is finding ways for IT to work smoothly with the business side of the house. Creating rules to restrict who can access what data and then determining where that data will be stored will generate some very heated discussions.

The thing about a GRC project is that failure is not an option. Using the company’s IT systems to properly secure the company’s assets is a major challenge. If you and your team are able to accomplish this project successfully, you will have shown the company that there’s nothing that you can’t do.

Question For You: Who should lead a GRC project – the IT team or the business team?

What We’ll Be Talking About Next Time

It sure seems as though the pressure on IT managers to deliver more business value isn’t going to go away anytime soon. If only there was some methodology that we could use to unlock all of that business value that we know is within the IT department. Oh wait, there is: it’s called the IT-CMF.

Doing More With What You Already Have

Thursday, January 7th, 2010
You Get No More Resources, But Still Need To Find A Way To Innovate

As an IT Leader, you’ve got a bit of a challenge on your hands right now. There is probably no way that you’re going to be getting more funding or headcount in the immediate future (or at least not enough to make a difference).

Yet at the same time your senior management keeps talking about the need for the IT department to start showing some innovation. Sounds like you’ve gotten yourself into yet another bind. How about if we take a look at how you can exceed your expectations using what you already have…

It’s All About The Information

Eric Lundquist over at eWeek magazine points out that one way for an IT team to show innovation is for it to create new ways to leverage company information. Two ways of doing this are taking existing company information and combining it in different ways, and creating new information from resources that already exist.

Within IT we all know the dirty little secret: our systems don’t talk to each other. What this means is that we have databases that are stuffed with silos of customer, product, and operations information sprinkled throughout the company.

It does not take a genius to realize that simply by creating an application that has access to two databases that have not previously been connected an IT team can create a new information tool. By creating this type of data “mashup” multiple times, the innovation that has been requested can be delivered.

It’s Time To Optimize

Anyone up for more layoffs? Ok, so that’s not the type of optimization that we’re talking about here. Any company runs by executing processes. IT has the ability to help optimize those processes. The first step in doing this is to measure the processes as they exist today in order to be able to determine what parts of what processes need improvement.

In the old days, this type of process measurement simply focused on people and documents. Now we realize that there’s more than meets the eye here. If you look at the full infrastructure of what it takes to run a company and execute a process, then you need to account for things like electricity, air conditioning, physical space, etc.

Most companies that compete against each other end up with very similar processes. If your IT team can come up with a way to make your company’s process better / quicker / faster than the other guy’s process then that truly would be an innovation.

Risk Is What You Make Of It

Risk to a company comes in many forms. Most firms focus on making sure that they are complying with both state and federal regulations. Rarely does a company see risk management as an avenue to innovation and so more often than not they end up trying to do the bare minimum needed just to get by the regulators.

There is a different approach that you can take with your IT team. If you assign them the task of determining where the risk to the company lies, they just might surprise you with what they come up with. Once they’ve identified where the risks are, assign them to create solutions that will either minimize or eliminate these risks. You just might be surprised with the level of innovation that empowering your team creates.

What All Of This Means For You

Innovation is currently a popular buzzword both in business and in IT. As IT Leaders we are being asked to create innovation within our teams using the resources that we currently have available.

If we take the time to look around, we will find that we have three opportunities to make things happen using what our teams already have. The first is to bring silos of company data together in order to create information that doesn’t currently exist. Next we have the opportunity to measure existing company processes in order to find out where IT can help optimize the processes. Finally, IT has a key role to play in minimizing the risk that the company faces and by empowering your IT team you can uncover hidden risks.

Innovation is there, you just have to take the time to uncover where it is hiding. You need to move quickly, because there’s a lot more that your IT team needs to get done after this!

Do you think that your IT team has the ability to work with other IT teams to create company data mashups?

What We’ll Be Talking About Next Time

Sigh, if only we all could work for Google, right? Hmm, but wait a minute, no matter how nice it seems, they’ve got to be dealing with the same IT Leader issues that we all are. Maybe it’s time to have a talk with their (former) CIO…

3 IT Manager Secrets From The Folks At Pixar

Friday, January 16th, 2009

Pixar Makes Great Movies And Has A Lot To Teach IT About Managing Creativity

Toy Story, Cars, Finding Nemo, Wall-E – who hasn’t been amazed at the movies that Pixar has created over the past few years? I think that we can all agree that clearly Pixar has found a way to foster and grow creativity within their organization. What if IT Leaders could find out how to do the same for our departments and teams…

Ed Catmull is one of the founders of Pixar and he is currently the president of Pixar and Disney Animation Studios (they merged just a while ago). He wrote an article for the Harvard Business Review in which he discussed just what makes Pixar work so well.

Catmull makes the point that he was once talking with a studio executive who lamented the fact that his biggest problem was not finding good people, but rather finding good ideas.

Catmull flat out disagrees with this thinking – he thinks that it reflects a misunderstanding of creativity. He also thinks that it places way too much importance on the initial idea in creating a new product.

Since the release of Toy Story in 1995, Pixar has released eight other films which have all been blockbusters. The really interesting point is that Pixar has never bought a script or movie idea from the outside. The ingredients that make their movies magic, the stories, the characters, and the worlds in which they live, have all been created internally by Pixar employees.

Here’s where the real learning for IT Leaders comes:

Catmull believes that Pixar’s adherence to a basic set of principles and ways of managing creative talent and risk is done responsibly. At Pixar, the job of management is NOT to prevent risk but rather to build in the capability to recover when failures occur (and, of course, they do occur).

In order for this type of environment to exist, it must be safe to tell the truth. In order for the organization to grow and improve, it must constantly challenge all of its assumptions and be searching for any flaws that could ultimately destroy the organization.

IT Leaders, just like Pixar management, need to find a way to resist our built-in tendencies to try to either avoid or at least minimize risks. I realize that this is easy to say, and very hard to do.

If an IT Leader can’t overcome his/her desire to avoid risk, then each project that they are in charge of will be an imperfect copy of a previous project that they worked on. This will result in many copies of what was never a perfect process with no hope of achieving a breakthrough.

To have a breakthrough in how a project is done, IT Leaders need to be able to find a way to live with uncertainty. This of course means that you also need to make sure that your department or team has the built-in ability to recover when you’ve taken a big risk and it ends up failing.

The key to being able to recover lies in the people that you have on your team, but we’ll have to talk about how you do that next time…

What’s your favorite Pixar movie? Why? Do you feel that your IT department manages creativity well? Do you have a plan for how to recover if you take a risk and it ends up failing? Leave me a comment and let me know what you are thinking.