SAN FRANCISCO—IT executives face more risks than ever to system security, their budgets and corporate reputations. But the most they can hope for is to focus the most resources and technology investments against the worst threats and hope the lesser concerns don't leap up to bite them.
This was the focus of the discussion this week at a Robert Frances Group conference on "reducing risk, restoring trust: a leadership role for IT."
Most of the IT executives participating in the opening panel focused on operational risk assessment and management work in the banking and financial services industry where IT is the first line of defense against a multitude of hazards.
These executives work in an industry where IT keeps the cash flowing smoothly through the economy. Serious hang-ups in a check clearing system or a back-office investment application can literally cost an institution billions of dollars and bring probing questions from the Federal Reserve and congressional committees.
Measuring and assessing risk is the best way for IT departments to ensure they will get the money they need to fix high-priority problems, said Bruce Lee, CIO with European banking group BNP Paribas.
IT managers have to assess operational risk with the same diligence with which bankers gauge credit and market risk, Lee said. When it comes to identifying risks that are at the core of a bank's operations, such as fraud, theft or catastrophic equipment failures, it is easy to get the resources to fix the problem.
"[If you] find sufficient risk you can kill any objections to committing money" to fix the problem, Lee said. But risk assessment and mitigation isn't just a point solution; it has to be "a new operational strand" of each IT department, he said.
Then there are risks that can also threaten an IT department's reputation and operations, but are more difficult to get money and resources for, he said.