Wall Street's 'Colossal' Risk Management Failure
IT experts say the current Wall Street crisis may be a financial heart attack that warns of more serious problems ahead for the industry. Risk management controls have faltered in grand fashion, according to a well-known RSA data security executive. Consumer-oriented IT companies may face problems selling newer, faster products that aren't absolutely necessary to have, such as updated iPods.The largest U.S. financial debacle since the weeks and months following the Sept. 11, 2001, terrorist attacks on New York and Washington has left no U.S. business unaffected. The IT industry, meaning all sectors of the software, hardware and associated services businesses, is certainly not immune to what is transpiring.
Indeed, all financial institutions, by their nature, are important consumers of IT. Not only do they do virtually all their business on the Web and on IT systems, but the effects of the current crisis on Wall Street are all being recorded and analyzed using IT tools and services.
All the Wall Street analyses, the uncertainty about what the federal government is going to do to stem the losses and protect taxpayers and businesses, and the money lost by investors point to one overriding factor: The financial sector's risk-management mechanisms have failed.
"This financial mess is one colossal example of poor risk management," Art Coviello, president of EMC's RSA Security division, one of the largest and most respected data security companies in the world, told me.
EMC, which lost about 10 percent of its $23.5 billion market capitalization on Sept. 29, is a conglomerate that includes the world's largest external data storage company plus other assets that include virtualization kingpin VMware and content-management provider Documentum.
"We [at RSA] certainly play a role in mitigating this sort of thing, but there's business risk, and it's as if the regulatory authorities and businesses themselves have not recognized the speed at which business is done today," Coviello said. "The ability to do these complex financial instruments requires literally a Ph.D. in applied mathematics to understand some of these things that are being treated by 25- and 35-year-olds without the profile of risk behind it.
"So you've got speed conspiring with complexity to create more risk, and there's nobody evaluating the risk!"
There's nothing wrong with the breakneck speed at which business operates, because it does lead to greater productivity, Coviello said.
"But people need to understand that the risk is higher, and you need to start with business risk. Quickly that will devolve to IT risk, because so much of business today is run on your IT environment," he said. "If ever there was a time when the kind of work that we're doing [was important], to raise the profile of risk mitigation and risk-rewarding equation, it's absolutely right now."