Book description
Beating IT Risks is the essential guide for anyone at risk from information technology failure. The book provides proven models and evaluation tools that will guide board members, senior management, IT leaders and business unit managers in decision-making, monitoring and negotiation roles. Featuring real-world PA Consulting Group case studies along with the authors' own direct experience in managing IT risks, this book will sit above more specialist titles to help you develop an integrated and comprehensive understanding of different IT risks and how to combat them. The authors cover all types of IT risk, and offer explicit guidance about what to consider when implementing a risk management approach to best meet an individual company's needs.
Table of contents
- Copyright
- About the authors
- Foreword
- Acknowledgements
- 1. Thriving on risk
- 2. IT governance framework
- 2.1. Different approaches to governance
- 2.1.1. The corporate governance perspective
- 2.1.2. The investor perspective
- 2.1.3. The compliance perspective
- 2.1.4. The enterprise-wide risk management perspective
- 2.1.5. The audit and control perspective
- 2.1.6. The engineering and systems perspective
- 2.1.7. The life scientist, biology and ecology perspective
- 2.1.8. An integrated perspective for your organization
- 2.2. Building a framework for your organization
- 2.3. Design and implementation issues
- 2.4. Case study: Aventis
- 3. IT risk portfolio
- 3.1. Introducing the IT risk portfolio
- 3.1.1. First seek to manage IT risks like other business risks
- 3.1.2. A portfolio of IT risks
- 3.1.3. Classes of IT risk
- 3.1.3.1. Projects – failing to deliver
- 3.1.3.2. IT service continuity – when business operations go off the air
- 3.1.3.3. Information assets – failing to protect and preserve
- 3.1.3.4. Service providers and vendors – breaks in the IT value chain
- 3.1.3.5. Applications – flaky systems
- 3.1.3.6. Infrastructure – shaky foundations
- 3.1.3.7. Strategic and emergent – disabled by IT
- 3.1.4. Understanding relationships between IT risk classes
- 3.1.5. Impacts of IT risks
- 3.1.6. Wider impacts of your IT failures
- 3.2. Implementing an IT risk management capability
- 3.3. Health check
- 3.4. Case study: European fleet management services provider
- 4. Projects
- 4.1. The impact of project failure
- 4.2. Organizational, program and project views of risk
- 4.3. Understanding IT project risk factors
- 4.4. Alternative philosophies for delivery assurance
- 4.5. Identifying, reporting and managing project risks
- 4.6. Health check
- 4.7. Case study: Agility
- 5. IT services
- 6. Information assets
- 6.1. Accessing your information assets
- 6.2. The impacts of information asset exploitation
- 6.3. The impacts of degraded information assets
- 6.4. The dimensions of security
- 6.5. Implementing information asset management
- 6.6. Health check
- 6.7. Case study: Investment management
- 7. IT service providers and vendors
- 7.1. The dimensions of service provider failure
- 7.1.1. Failure to meet service levels for an operational service
- 7.1.2. Failure to meet other contract or relationship requirements
- 7.1.3. Failure to deliver project services
- 7.1.4. Failure to stay in business
- 7.1.5. Other service provider risks
- 7.1.5.1. Finger-pointing rather than accountability
- 7.1.5.2. One-horse races rather than contestability
- 7.1.5.3. Poor value for money
- 7.1.5.4. Inflexibility
- 7.1.5.5. Difficulty integrating services
- 7.1.5.6. Bumpy transitions
- 7.1.5.7. Unfulfilled transformation objectives
- 7.1.5.8. Poor visibility
- 7.1.5.9. Lack of control
- 7.1.6. Alternative service delivery model risks
- 7.2. The dimensions of vendor failure
- 7.3. Managing service provider risk
- 7.4. Managing multiple IT service providers
- 7.5. New and emerging risks in IT service provision
- 7.6. Health check
- 7.7. Case study: Financial services
- 8. Applications
- 8.1. The impacts of IT application failure on your business
- 8.2. The evolution of IT application risk
- 8.3. IT application risk profiles
- 8.4. Software assets and liabilities
- 8.5. The lifecycle approach to managing risks
- 8.5.1. Setting the systems agenda – strategy, architecture and planning
- 8.5.2. Concept and feasibility
- 8.5.3. Requirements and solution architecture
- 8.5.4. Solution build, acquisition and integration
- 8.5.5. Testing
- 8.5.6. Implementation
- 8.5.7. Maintaining and evolving systems
- 8.5.8. Retirement and decommissioning
- 8.6. Health check
- 8.7. Case study: Leading water company
- 9. Infrastructure
- 10. Strategic and emergent
- 11. IT and other enterprise risks
- A. Review checklists
- A.1. Key review questions to answer: Completion of concept and feasibility stage
- A.2. Key review questions to answer: Completion of requirements and architecture stage
- A.3. Key review questions to answer: Build mid-point
- A.4. Key review questions to answer: Testing, acceptance and implementation mid-point
- A.5. Key review questions to answer: Post-implementation
- References
Product information
- Title: Beating IT Risks
- Author(s):
- Release date: January 2005
- Publisher(s): Wiley
- ISBN: 9780470021903