There is an old but great saying – “What you can’t measure, you can’t manage”. It is as relevant to IT Risk Management as any other subject I can think of.
IT Risk Management can be a large and complex subject. Just search for it on Amazon and see how many books are available – I know, as I have purchased a few over the years. They make great night-time reading if you are struggling to sleep!
At its simplest, Risk Management is about:
- Understanding and documenting your risks
- Measuring them
- Making plans to mitigate them as best you can
- Reporting on progress
- Continually reviewing your situation
Here at vBridge we have a comprehensive risk management program, as you would expect. Part of attaining our ISO 27001 certification was really lifting our game in this space – we now have a dedicated risk council that meets monthly, we have a special guest from the team each month to join us, and Pete has developed an amazing Power App that manages all aspects of our risk program including audits, reviews, controls and policies. It’s great for us and essential when you consider the companies that we provide services to, but it’s not for everyone.
I talk with many clients that know they need to do something but are not sure where to start or how to get moving. The actions to get started are surprisingly easy and do not require a lot of effort. The larger question for many is, what’s the point and what is the outcome I am looking for?
In my experience the “Why” and the “Outcomes” are as follows:
- If you can’t measure your risk – you can’t manage it
- If you are responsible for IT in your organisation, it is your job to manage risk
- Your risk program can become a massive supporter of your business cases; it is very hard to reject your proposal when it clearly addresses business risk
- Great reporting to your leadership and board – they will 100% appreciate that you are taking risk seriously and engage with you on the subject
- A clear plan of risk reduction works that will be supported by the business
- It demonstrates to your organisation that you are more than just techy
- When things do go wrong, you can demonstrate the work you have been doing to reduce the risk
- You will spend less time fighting fires and move from reactive to proactive
So how to get started? We have created a simple set of tools that you can use – for free. Drop us a line at https://vbridge.co.nz/contact-us/ and request access to the free risk management tools.
You can take these tools and use them by yourself with the user guide – or engage with us to help you get underway with a workshop. Either way, if you are not managing your IT Risk now – just start doing it, make it a habit and stay on top of your game. It will pay you back in spades.