IT Risk: Framework and Real-World Stories

This article was originally posted on April 30, 2011.

Last year, at Microsoft’s CIO Summit event in Redmond, I was fortunate to accompany a few select clients and hear Dr. George Westerman of MIT’s Center for Information Systems Research (CISR) speak, and I thought that his story would resonate with our CIO clients. So this week, KMA and our valued partners in our Circle of Excellence (Altico Advisors, Compuworks, Presidio, and SoftwareONE) sponsored a top-notch event at Microsoft’s Waltham office featuring Dr. Westerman and a panel of four IT executives.

There were many great stories and ideas exchanged among speaker, panelists, and audience at this event, some of which you should expect to see in future KMA events (e.g., mobility for enterprise applications, building an IT dashboard), but much of the dialogue was about a key area of focus for Dr. Westerman: IT Risk.

Dr. Westerman summarized IT Risk using a framework of the “Four A’s”:

Availability. This is the classic “How many 9's?” level of risk, where metrics like uptime are most relevant. As Westerman underscores in his book about showing the value of IT to the business: these are table stakes. You will not be invited to the leadership, transformation, and innovation parts of the CIO job if you cannot reliably and effectively supply the utility/commodity parts of it.

Access. Is IT helping people get to the systems they need to do their jobs? This may mean employees, but increasingly it means partners, customers, vendors, regulators, contractors and other external collaborators. As the membranes around the enterprise get increasingly permeable and fuzzy, initiatives like interoperability, identity management, single sign-on, and remote device management become much more important.

Accuracy. Is IT helping the business provide timely and accurate information to decision-makers? Is the IT function working transparently, and enabling others to do the same? This theme evokes the importance of analytics to the enterprise, an important investment area for CIOs.

Agility. Is IT helping the business manage change with predictable cost and speed? As the speed of change in the business world accelerates, the capability of IT to build and manage modular, scalable systems and agile processes will be a critical success factor.

Hopefully, our CIO clients who attended last week’s event took home with them a useful framework for considering IT Risk and some ideas about how to manage it from their peers on the panel. Special thanks for the event go out to:

  • our co-sponsors from the Circle of Excellence
  • our hosts from Microsoft
  • our keynote speaker, Dr. George Westerman
  • our IT Executive panelists:
      • Dave Rudzinsky, CIO of Hologic
      • John Lauderbach, CIO of Roche Brothers Supermarkets
      • Kevin Dushney, Senior Director of IT at Alnylam Pharmaceuticals
      • Henry Chace, CIO of Burns & Levinson, LLP
