Challenges and opportunities for CIO

Power outages, terrorist attacks, financial frauds, earthquakes, biological viruses and computer viruses are just some of the disasters that have struck companies and organizations around the world in recent years. The heavy consequences and high recovery costs have made risk management a leading issue on the agenda of many organizations. This also poses challenges and opportunities for the Chief Information Officer (CIO).

Resilience plans, remote servers, sophisticated security applications, mobile employee technology, backup systems and security systems are fundamental activities in the field of risk management. However, for a CIO, simply deploying and managing these solutions is not enough.

Today, people expect CIOs to play a broader and more strategic role in organizations. They must advise the general manager and the members of the board of directors on other issues in the organization. They must understand a variety of risks, such as risks in information technology (IT) operations, risks in deploying and using technology, risks in expanding the organization and strategic risks.

In the 21st century, CIOs must be leaders and not executives. They have to take on more extensive management tasks, not just in IT. They must harness the power of technology to achieve a higher level of risk management, governance and competitive advantage. In short, they must become CIOs who manage risk information.

Managing risk information

Risks are often interpreted as something bad or unexpected. However, in business administration, risk is the likelihood of an event having one or more impacts on the realization of the company's goals. This impact can be bad, bringing damage to the business, or good, bringing new opportunities.

The term 'risk' is often given a negative meaning, so people often focus on identifying risk factors (risk awareness). In fact, managers who know how to exploit information about risks can reap good results.

A CIO who manages risk information well focuses attention and resources on three areas:

- Managing risks that have a direct impact on the IT department.

- Applying technology in all parts of the organization to help other groups identify and manage their risks well.

- Understanding the risk information at the enterprise level.

How to capture information about risks

To manage risk information better, the CIO must be a senior executive in the organization, with an overall strategic perspective on the whole organization. They also have to pay attention to business and operational issues, not just to IT systems and data security.

Here are seven steps to becoming a good CIO who manages risk information:

1. Take small steps. Assess the risk management situation in the IT department before you extend your attention to the entire business, with questions such as: How expensive is the current risk management process? Are employees in the department satisfied with the risk management process? Do we know the department's types of risk? Are these types similar to the types of risk of the entire organization?

2. Set priorities based on impact. Focus first on the initiatives that can reach and have the strongest impact on the organization's activities. Analyze those effects. This analysis will help you identify the areas with the most potential to generate benefits.

3. Automate controls. Automating and combining processes and systems not only helps you avoid other costs but also checks for a number of human-made errors.

4. Allocate and organize user profiles. Develop these record systems so that you can define and distribute information in accordance with each user's role. Tailoring the level of access to information to the roles and responsibilities of each employee, and allowing those who have the right to do so to distribute relevant information effectively, will help you control information better.

5. Improve information management. Examine the IT strategies, processes and technologies needed to meet the information needs of the organization. When introducing new tools, processes and controls to improve the quality of information, you may encounter some resistance from users. To remedy this situation, you can use 'flexible' tactics like mind recovery or use tools to monitor data quality.

6. Adjust IT assets to suit broader risk management needs. On the path to becoming a risk information management CIO, you must give up part of the tendency to focus on the risks of the IT department and broaden your vision to the organization's overall needs in risk management. Next, you must work with the leaders of other departments to come up with new, more effective ways to meet their needs.

7. Simplify the problem. One of the side effects of Sarbanes-Oxley 1 is the rush to implement new and often unnecessary controls and processes. Now it's time to eliminate complexity and redundancy by simplifying controls.

In general, a CIO who manages risk information harnesses technology to bring risk management into the day-to-day operations of the organization. This requires the CIO to make every employee aware of the general concepts of risk and to provide common parameters for measuring risk. It also means that the CIO must collaborate actively with executives and other leaders in the organization.

Eddie Leschiutta
(Post translation summary)

Eddie Leschiutta is a managing member of Deloitte & Touche - one of the world's four largest audit firms - in Canada, in charge of corporate risks.

1 Sarbanes-Oxley is a US financial act, issued on July 30, 2002, proposed by Senator Paul Sarbanes and Congressman Michael G. Oxley. The law is aimed at improving the quality and transparency of financial statements and enhancing the responsibilities of the board of directors, management and auditors.