Добавил:
Опубликованный материал нарушает ваши авторские права? Сообщите нам.
Вуз: Предмет: Файл:

Beating IT Risks

.pdf
Скачиваний:
49
Добавлен:
17.08.2013
Размер:
3.24 Mб
Скачать

Beating IT Risks

Ernie Jordan and Luke Silcock

Beating IT Risks

Allie

Beating IT Risks

Ernie Jordan and Luke Silcock

Copyright © 2005 Ernie Jordan and Luke Silcock

Published in 2005 by John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex PO19 8SQ, England

Telephone (+44) 1243 779777

Email (for orders and customer service enquiries): cs-books@wiley.co.uk

Visit our Home Page on www.wileyeurope.com or www.wiley.com

All Rights Reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except under the terms of the Copyright, Designs and Patents Act 1988 or under the terms of a licence issued by the Copyright Licensing Agency Ltd, 90 Tottenham Court Road, London W1T 4LP, UK, without the permission in writing of the Publisher. Requests to the Publisher should be addressed to the Permission Department, John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex PO19 8SQ, England, or emailed to permreq@wiley.co.uk, or faxed to (+44) 1243 770620.

This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold on the understanding that the Publisher is not engaged in rendering professional services. If professional advice or other expert assistance is required, the services of a competent professional should be sought.

Other Wiley Editorial Offices

John Wiley & Sons Inc., 111 River Street, Hoboken, NJ 07030, USA

Jossey-Bass, 989 Market Street, San Francisco, CA 94103-1741, USA

Wiley-VCH Verlag GmbH, Boschstr. 12, D-69469 Weinheim, Germany

John Wiley & Sons Australia Ltd, 33 Park Road, Milton, Queensland 4064, Australia

John Wiley & Sons (Asia) Pte Ltd, 2 Clementi Loop #02-01, Jin Xing Distripark, Singapore 129809

John Wiley & Sons Canada Ltd, 22 Worcester Road, Etobicoke, Ontario, Canada M9W 1L1

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

Library of Congress Cataloging-in-Publication Data

Jordan, Ernie.

Beating IT risks / Ernie Jordan, Luke Silcock. p. cm.

Includes bibliographical references and index. ISBN 0–470–02190–X (cloth)

1. Information technology—Management. 2. Management information systems. 3. Risk management. I. Silcock, Luke. II. Title.

HD30.2.J67 2005 658.05—dc22

2004018705

British Library Cataloguing in Publication Data

A catalogue record for this book is available from the British Library

ISBN 0–470–02190–X

Typeset in 10/12pt Garamond by Graphicraft Ltd, Quarry Bay, Hong Kong. Printed and bound in Great Britain by T.J. International Ltd, Padstow, Cornwall.

This book is printed on acid-free paper responsibly manufactured from sustainable forestry in which at least two trees are planted for each one used for paper production.

Contents

About the authors

ix

Foreword

xi

Acknowledgements

xiii

1

Thriving on risk

1

 

The challenge

2

 

Complications and deficiencies

3

 

The cure for your IT risk headache

6

2

IT governance framework

19

 

Different approaches to governance

22

 

Building a framework for your organization

35

 

Design and implementation issues

38

 

Case study: Aventis

42

3

IT risk portfolio

45

 

Introducing the IT risk portfolio

45

 

Implementing an IT risk management capability

60

 

Health check

66

 

Case study: European fleet management services provider

67

4

Projects

71

 

The impact of project failure

73

 

Organizational, program and project views of risk

78

 

Understanding IT project risk factors

82

 

Alternative philosophies for delivery assurance

95

 

Identifying, reporting and managing project risks

97

 

Health check

103

 

Case study: Agility

104

vi

 

Contents

 

 

 

5

IT services

107

 

IT service failures that impact your business

109

 

Planning and preparation

113

 

Implementing IT service continuity

117

 

Health check

122

 

Case study: Police service

123

6

Information assets

125

 

Accessing your information assets

126

 

The impacts of information asset exploitation

127

 

The impacts of degraded information assets

129

 

The dimensions of security

132

 

Implementing information asset management

138

 

Health check

149

 

Case study: Investment management

150

7 IT service providers and vendors

153

 

The dimensions of service provider failure

154

 

The dimensions of vendor failure

163

 

Managing service provider risk

165

 

Managing multiple IT service providers

174

 

New and emerging risks in IT service provision

176

 

Health check

179

 

Case study: Financial services

180

8

Applications

183

 

The impacts of IT application failure on your business

184

 

The evolution of IT application risk

189

 

IT application risk profiles

192

 

Software assets and liabilities

195

 

The lifecycle approach to managing risks

198

 

Health check

201

 

Case study: Leading water company

203

9

Infrastructure

205

 

How IT infrastructure failure impacts your business

206

 

IT infrastructure’s evolving risks

212

 

Moving towards ‘set and forget’

214

 

De-risking infrastructure transformation

216

 

Health check

217

 

Case study: GCHQ

218

Contents

vii

 

 

10 Strategic and emergent

221

The impact of IT failing to support the execution of

 

your business strategy

222

Driving shareholder value through IT-enabled business change

227

The influence of your IT capability on business capability

230

Health check

232

Case study: Egg

233

11 IT and other enterprise risks

235

Relating the IT risk portfolio to other types of enterprise risk

235

Supporting risk-based management with IT

245

The dependence of IT risk management on broader

 

enterprise competencies

248

In conclusion

251

Appendix 1: Review checklists

253

References

261

Index

271