IT Risk to the Organization

As IT is a department within an organization with the goal of typically servicing other departments, there is a set of risks that IT poses to the organization. What I am talking about is different from the risks within an IT project execution or the day to day functioning of the IT department. I am focusing on the risks the IT department as a whole poses to the organization that it services.

The risks can be divided into the following main groups:

• Consequences of failure of services provided by IT


• Security risks


• Outsourcing and Partners failure risks


• Governmental and Legislative Risks

The IT head as well as senior management within the organization should consider these risks and work in tandem to manage them. This can be accomplished in the following ways:

• Create a risk management strategy and monitor and act on it regularly


• Engage outside auditors to analyze the risks from a new perspective


• Always be on the lookout to transfer risks


• And strengthen the quality of IT processes within the organization

In this way, organizations can get a proactive handle on the potential risks and manage them before they become a critical issue. It all really boils down to taking the effort and making it happen. There exist endless possible excuses to not do it, but in the end you have to consider that the competition is doing it so can you take the risk of not managing your risks?

Levels of Cost Optimization

If an organization wished to optimize its costs, there are numerous ways it can go about it. The question is which method of optimization will bring about beneficial results in the long term and which methods are knee-jerk reactions that bring about a short term benefit (and even a long term loss).

Gartner provides us with a framework of cost optimization that consists of four levels, each at a higher level of maturity and benefit. The broad categorization of these four areas is:

• IT Procurement: which consists of smarter procurement techniques and buying from cheaper and better vendors etc. This is also the least “mature” of the techniques and only provides very low level benefits that have little lasting impact.


• Cost Savings within IT: which consists of identifying opportunities to reduce IT costs. This usually ends up being lay-offs or outsourcing. While these are valid steps to take, they are again not “high maturity” decisions that will have long term and strategic benefits to the organization.


• Joint Business and IT Cost Savings: This is one level more strategic than the previous method, where IT confers with business to come up with areas of cost optimization that will have minimal negative impact on the business.


• Enable Innovation and Business Restructuring: This consists of encouraging innovation, implementing process improvements and restructuring business to align with customer demands. This is by far the best technique to bring about cost optimization with long term strategic benefits.

Organizations, however, rarely take the long term, visionary approach and approach cost optimization with the attitude of haggling with vendors and laying off people. This kind of cost cutting will rarely result in lasting benefits.

Eight Percent

As per Gartner, the cost involved in developing an IT application and bringing it to the live state is only 8% of the cost required in keeping it live for 15 years. And this, in a nutshell, is where most organizations do not plan properly and run into problems. The “whole life cost” or total cost of ownership (TCO) is rarely computed in a responsible manner. Rather, a knee-jerk reaction to changing market circumstances prompts the decision making process (if there is one) and a project is hastily assembled. After the project is completed, and the maintenance costs start mounting, there is “surprise” at the mounting maintenance costs. Then IT has to request more funding for its operations.

This whole sequence of events can be avoided if organizations simply add up the TCO and make responsible decisions in conjunction with business. The areas of expenditure that should be taken into account are:

• Planning


• Design


• Construction/acquisition


• Operations


• Maintenance


• Renewal/rehabilitation


• Financial (depreciation and cost of finance)


• Replacement or disposal

A great many tools and techniques for TCO exist and are readily available on the web. However, my goal here is to emphasize the importance of performing TCO and to be aware of the pitfalls involved in failing to perform this step.

The reason, in my opinion, that a lot of organizations suffer from poor TCO calculations in spite of the information being easily available and not very difficult to compute as well is because they often emotionally stake the next project as the “magic” deliverer of their present dilemmas. It is this emotion and lack of calculated analysis that leads organizations into the quicksand of wrong decisions and incorrect cost computation.

Organizations must make an accurate and well though out business and financial analysis of every proposed undertaking. If they neglect this step, they will pay for it later as 92% of the unaccounted cost is waiting to hit them where it hurts.