Risk management: A core competency for CIOs

In the post-September 11 era, risk management is rapidly becoming a significant area of concern for chief information officers (CIOs). According to Meta Group, by 2006, risk management will become a core competency for the CIO position. Depending on an organization's industry and culture, between 5 and 20 percent of the information technology (IT) budget should be devoted to risk management, including IT security, business continuity, and other risk-related issues. Starting in 2003, spending that money wisely has become a major concern of CIOs.

Meta says the key aspects of establishing a full risk management program are

* making support of business continuity through disaster recovery a core IT discipline, working in conjunction with other key business areas such as human resources and facilities management, to deliver true business resilience

* creating a comprehensive, enterprise-wide security program that covers all aspects of business and IT operations

* identifying, quantifying, and managing project risk from inception to completion of each project

* identifying IT organization human resource risks, creating and maintaining succession plans, and applying knowledge management techniques to preserve key skill sets

* tracking vendor liability risks and developing contingency plans to protect the organization from vendor instability.

Copyright Association of Records Managers and Administrators Inc. May/Jun 2003
Provided by ProQuest Information and Learning Company. All rights Reserved