Beating IT Risks
Ernie Jordan and Luke Silcock
Copyright © 2005 Ernie Jordan and Luke Silcock
Published in 2005 by John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex PO19 8SQ, England
Telephone (+44) 1243 779777
Email (for orders and customer service enquiries): cs-books@wiley.co.uk
Visit our Home Page on www.wileyeurope.com or www.wiley.com
All Rights Reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except under the terms of the Copyright, Designs and Patents Act 1988 or under the terms of a licence issued by the Copyright Licensing Agency Ltd, 90 Tottenham Court Road, London W1T 4LP, UK, without the permission in writing of the Publisher. Requests to the Publisher should be addressed to the Permission Department, John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex PO19 8SQ, England, or emailed to permreq@wiley.co.uk, or faxed to (+44) 1243 770620.
This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold on the understanding that the Publisher is not engaged in rendering professional services. If professional advice or other expert assistance is required, the services of a competent professional should be sought.
Other Wiley Editorial Offices
John Wiley & Sons Inc., 111 River Street, Hoboken, NJ 07030, USA
Jossey-Bass, 989 Market Street, San Francisco, CA 94103-1741, USA
Wiley-VCH Verlag GmbH, Boschstr. 12, D-69469 Weinheim, Germany
John Wiley & Sons Australia Ltd, 33 Park Road, Milton, Queensland 4064, Australia
John Wiley & Sons (Asia) Pte Ltd, 2 Clementi Loop #02-01, Jin Xing Distripark, Singapore 129809
John Wiley & Sons Canada Ltd, 22 Worcester Road, Etobicoke, Ontario, Canada M9W 1L1
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.
Library of Congress Cataloging-in-Publication Data
Jordan, Ernie.
Beating IT risks / Ernie Jordan, Luke Silcock. p. cm.
Includes bibliographical references and index. ISBN 0–470–02190–X (cloth)
1. Information technology—Management. 2. Management information systems. 3. Risk management. I. Silcock, Luke. II. Title.
HD30.2.J67 2005 658′.05—dc22
2004018705
British Library Cataloguing in Publication Data
A catalogue record for this book is available from the British Library
ISBN 0–470–02190–X
Typeset in 10/12pt Garamond by Graphicraft Ltd, Quarry Bay, Hong Kong. Printed and bound in Great Britain by T.J. International Ltd, Padstow, Cornwall.
This book is printed on acid-free paper responsibly manufactured from sustainable forestry in which at least two trees are planted for each one used for paper production.
Contents
About the authors
Foreword
Acknowledgements
1 Thriving on risk
  The challenge
  Complications and deficiencies
  The cure for your IT risk headache
2 IT governance framework
  Different approaches to governance
  Building a framework for your organization
  Design and implementation issues
  Case study: Aventis
3 IT risk portfolio
  Introducing the IT risk portfolio
  Implementing an IT risk management capability
  Health check
  Case study: European fleet management services provider
4 Projects
  The impact of project failure
  Organizational, program and project views of risk
  Understanding IT project risk factors
  Alternative philosophies for delivery assurance
  Identifying, reporting and managing project risks
  Health check
  Case study: Agility
5 IT services
  IT service failures that impact your business
  Planning and preparation
  Implementing IT service continuity
  Health check
  Case study: Police service
6 Information assets
  Accessing your information assets
  The impacts of information asset exploitation
  The impacts of degraded information assets
  The dimensions of security
  Implementing information asset management
  Health check
  Case study: Investment management
7 IT service providers and vendors
  The dimensions of service provider failure
  The dimensions of vendor failure
  Managing service provider risk
  Managing multiple IT service providers
  New and emerging risks in IT service provision
  Health check
  Case study: Financial services
8 Applications
  The impacts of IT application failure on your business
  The evolution of IT application risk
  IT application risk profiles
  Software assets and liabilities
  The lifecycle approach to managing risks
  Health check
  Case study: Leading water company
9 Infrastructure
  How IT infrastructure failure impacts your business
  IT infrastructure’s evolving risks
  Moving towards ‘set and forget’
  De-risking infrastructure transformation
  Health check
  Case study: GCHQ
10 Strategic and emergent
  The impact of IT failing to support the execution of your business strategy
  Driving shareholder value through IT-enabled business change
  The influence of your IT capability on business capability
  Health check
  Case study: Egg
11 IT and other enterprise risks
  Relating the IT risk portfolio to other types of enterprise risk
  Supporting risk-based management with IT
  The dependence of IT risk management on broader enterprise competencies
  In conclusion
Appendix 1: Review checklists
References
Index