Charlie Sherlock discusses the value of an effective IT risk management system

While risk is still considered by some organisations to carry an air of ambiguity, the need remains for companies to gear themselves towards managing and minimising it. Most adopt a formal risk plan, but often this is ill equipped to handle crises and incidents that can develop unexpectedly and prematurely. With the need for plans to be tested and revised regularly, it is essential that organisations consider how an effective IT facilities management system can allay fears of coping with crises.

Managing risk

In my view, by definition risk management is synonymous with loss prevention. Since risk can lead to loss, the objective behind implementing any IT-based management system is to manage the operational environment. Therefore, the most important returns are those that enhance productivity. It is imperative that business intelligence is inherent in the functionality of any management IT system, since this is the force behind identifying risks and planning for them before they occur.

Most systems deployed already have a measure of functionality. But these functions are far from proactive in their approach. Creating a more proactive system requires developing and programming unique 'business rules', which follow the workflows of day-to-day operations. These business rules are unique, automated instructions developed around daily business activities. For companies that already have some systems in place, a dashboard system enables the integration of these business rules with new or existing tools, consolidating everything into one managed application.

With business rules firmly in place, effective management of a risk-prone operational environment calls for 24 hour monitoring. This is designed to enable effective communication between all parts of an existing system. As an example, the communication between a network of CCTV cameras and a central security system requires the augmentation of information from both systems to provide the most useful risk information. This means that when any business rules are broken, the system flags up the action that needs to be taken.

Data gathering

There are practical things that an organisation cannot afford to take for granted. Even though a security system may be programmed with intelligence and efficiency, the way risk is dealt with currently still largely depends on human intervention. This needs to be combined with the way in which workflow is audited. With the creation of business rules organisations are able to assess data that is collated to better enhance operations and reduce risk in key areas.

“Effective management of a risk prone operational environment calls for 24 hour monitoring

The simple fact is that when issues flagged by a management system are ignored, failure results. An important part of preventing this from happening is the reporting methodology and how it links to identifying strengths and weaknesses in operations. For example, this might be related to issues of compliance and hence the need for health and safety standards to be met. As already evident from a number of different systems, risks are not yet managed in real time and so this does put an organisation at a huge disadvantage. It is the ability to react quickly which cements these sorts of systems. While business rules define operational processes, data gathered from within the system helps to ensure that existing intelligence can be built on and developed alongside reporting skills.

Economic potential

An effective IT risk management system certainly has great economic potential. The underlying principle behind good business continuity and flow is excellent communication. Implementing such a proactive plan and system would provide a considerable number of tangible benefits. Although initial expense might be a stumbling block to investing in an IT solution, the key economic benefits should not be overlooked.

Softer economic benefits take the shape of increased efficiency, which in turn reduces organisational liabilities. With this increase comes the ability to leverage resources into other important areas of operation, which might include health and safety monitoring as well as management of physical resources. From a data perspective, an IT based risk management solution enables effective use of reporting. Actions taken from issues flagged within reports lead to huge savings of time and money and thus increase productivity overall.

In more robust terms, a fully integrated IT risk system facilitates the assessment of all parts of an operation that potentially bring about loss. With maintenance and management of assets being a priority for all businesses, these systems ensure good tracking and monitoring of all activities. Automation of procedures can reduce the need for personnel in some circumstances as well as training costs. While monetary benefits are attainable, energy management could also be a further beneficiary, with systems reporting potential loss and reacting quickly.

The future of IT risk management

With the constantly changing demands of operations, organisations need a solution for monitoring all activities. The challenges therein point to the need for a tailored IT facilities management system to cope with foreseeable threats. Business continuity is the key to successful communication, and with the aid of IT, this flow can be managed together with risk and crisis. Managing risk is inclusive of developing a plan for the unexpected, as all organisations seek to do more than just describe what might take place. They wish to take a proactive approach towards monitoring physical assets and defining business rules governing operations. IT management systems will help to do just that.

Topics