Companies that fail to address IT risk management are exposed to problems, according to a new report from IT advisory firm Butler Group.
The report, 'IT risk management', says that IT risk management is just as much an organisational issue as a technology concern.
The Butler Group stressed the fact that the majority of problems exposed as IT failures actually have their roots in people and process failures, and it encouraged organisations to take a systemic approach to risk avoidance, as well as adopting appropriate IT technologies and methodologies.
“Only by understanding these variables can the cost of solutions be balanced against the level of business exposure, and the best-fit solution selected,” said Rob Hailstone, software infrastructure practice director at Butler Group.
"The IT industry has a long way to go in improving its track record for delivering IT projects on time and on budget," the analyst group said. Companies need to consider risk management issues from the early design stage of IT projects and clearly weight the different types of likely risks, and the actual cost to the organisation, it warned.
Hailstone said: "The consequences of failing to manage IT risks pose a serious threat to any organisation. It follows that IT risk management efforts should have senior executive sponsorship and form part of the broader corporate risk management initiative."
Risk management has become more critical and more difficult due to the increasing complexity of IT systems. What's more, companies are more dependent on IT services. Many companies would suffer significant financial penalties after only a short period of unavailability.
The analyst group said a common risk is the loss of sensitive information, which could result in "considerable embarrassment to corporate executives" and "financial penalties". Recently the Information Commissioner's Office (ICO) was granted the powers to impose fines on individuals in companies for "deliberate or reckless loss of data". The ICO has long maintained that responsibility for corporate data rests at the top of the organisation, and chief executives must ensure information security.