Explosion of threats to critical information resources, regulatory mandates necessitates more consistent and comprehensive approach to IT governance
BOULDER, Colo., Aug. 30, 2007, IT risk management is no longer strictly about mitigating the negative threats surrounding IT, according to a just-released study by leading independent IT management research and consulting firm Enterprise Management Associates (EMA). Today, new approaches to risk management are delivering strategic corporate benefits by tying once disparate IT initiatives into a more unified and integrated program that helps organizations achieve business objectives. These initiatives play a critical role in shaping an IT governance strategy, enabling the business to define governance priorities and to measure and prioritize enterprise IT risk management more effectively.
In the study, “Governance, Risk, Compliance and Beyond: The Emergence of Strategic IT Risk Management,” EMA explores how the convergence of IT domains ranging from performance, availability, configuration and change management to business risk, trust and security controls is defining an entirely new class of solutions. These new approaches are providing critical insights needed to develop a comprehensive operational risk management strategy – where business goals are aligned with IT.
In addition to examining the convergence of key technologies in multiple market segments, the research explores the evolution of strategic IT risk management and how it seeks to transcend silos of technology, process and culture to provide organizations with the insight and control essential to managing risk strategy.
Scott Crawford, research director at EMA, spearheaded the study and found that risk management concepts continue to be embraced across all aspects of the enterprise – from the executive suite to business managers to information technologists. Each of these groups has its own perspective on risk, and today requires solutions that unify these perspectives to help drive one of the most critical requirements for effective IT governance: consensus on risk management strategy.
“Today’s enterprise faces a daunting range of IT risks – from security, business malfeasance and insider threats to business-critical IT service availability, performance and integrity issues. Regulatory requirements intended to curb these risks have also driven the pursuit of more effective IT governance. IT risk management has become the lynchpin of all these demands,” said Crawford. “Putting a strategic IT risk management program into place can provide substantial benefits for the enterprise, not only in controlling threats to critical IT services, but also in giving the business a stronger competitive edge through more effective technology discipline.”
“The concept of a ‘strategic’ approach brings coherence to the enterprise. IT risk management is no longer limited to one technology or meant to meet a single regulatory mandate,” continued Crawford, “It seeks to unify and integrate siloed approaches to managing security, business, technology and trust risks – aligning them with strategic business objectives to enable the enterprise to consistently manage and measure their control.”
This new approach has brought with it a new class of technologies and tools to meet these changing needs. These solutions are geared toward flexibility, adaptability, integration and interoperability – and include everything from business and financial risk management tools to IT governance, risk and compliance management solutions.
This research report is available now at www.www.enterprisemanagement.com. For pricing information or to purchase this report, please contact Kevin Hecht at khecht@enterprisemanagement.com or (303) 543-9500 x124.
About Enterprise Management Associates
Founded in 1996, Enterprise Management Associates (EMA) is the leading independent industry analyst and consulting firm dedicated to the IT Management market. The firm provides IT vendors and enterprise IT professionals with objective insight into the real-world business value of long-established and emerging technologies, ranging from security, storage and service level management (SLM) to the Configuration Management Database (CMDB), virtualization and service-oriented architecture (SOA). Even with its rapid growth, EMA has never lost sight of the client, and continues to offer personalized support and convenient access to its analysts. For more information on EMA’s extensive library of IT Management research, free online IT Management Solutions Center and IT consulting offerings, visit www.www.enterprisemanagement.com.