IT Risk: Turning Business Threats into Competitive Advantage
By George Westerman and Richard Hunter
A half century of adopting information technology at an astonishingly rapid rate has created a world in which IT is not just widely present but pervasively, complexly interconnected inside and outside the enterprise. As enterprises' dependence and interdependence on IT have increased, the consequences of IT risk have increased as well. What is IT risk? It's the potential for an unplanned event involving a failure or misuse of IT to threaten an enterprise objective, and it is no longer confined to a company's IT department or data center. An IT risk incident has the potential to produce substantial business consequences that touch a wide range of stakeholders. In short, IT risk matters, now more than ever.
This change in the meaning and importance of IT risk has caught some executives unaware. Every executive at some time has experienced problems with his IT organization and systems, including delays and unexpected costs in development projects, temporary or extended loss of service, data loss or theft, processes made unnecessarily complex by systems interfaces and limitations, inaccurate information from redundant or "buggy" systems, and a myriad of other ills. Executives have generally learned to perceive, and even tolerate, such episodes as regrettably common but relatively limited in their impact on key business metrics. Case studies of companies like Tektronix and Comair, however, demonstrate how such perceptions no longer apply.