The new model for managing enterprise risk management

October 27, 2014
CIO Security

CIOs face pressure to implement, change, and maintain secure and operational environments: three opposing forces. It's no wonder so many CIOs report difficulty meeting expectations, and that CIO tenure hovers around 3 to 4 years. Reporting to the boardroom is a harrowing experience for many, and presenting on information risk management may rank near the top of the list of 'white knuckle' moments.

Stephen Gant, general manager of Modulo, thinks that CIOs are in the right spot to lead their enterprises in protecting their information.

"Today’s CIO is optimally positioned to lead the path toward standardized and harmonized information risk management within their organization. After capital, information is the single most important commodity upon which an organization relies. An organization’s information technology infrastructure underlies absolutely every aspect of daily business and, by extension, impacts reputation management, intellectual property, disaster recovery planning, marketing, legal, human resources, and even finance. Soon, the CIO will necessarily rival the CFO in his/her ability to provide key metrics to the board and shareholders about business performance.

To do this, the CIO will need to incorporate both the top-down view of risk typically generated by a Chief Risk Officer (CRO) and the CISO's bottom-up approach to risk management. The CRO often helps define company Key Risk Indicators (KRIs) through enterprise risk management techniques. The CISO provides critical visibility into residual and real business risk based on the ability to link assets to lines of business and processes. Combining these approaches gives the CIO a natural foundation to lead the maturity path toward enterprise-wide governance, risk, and compliance (GRC) and performance, as well as the harmonization of risks: cyber/IT, third-party supplier, business continuity, operational, and enterprise.

In a recent strategic boardroom discussion with over twenty CIO/CSOs from a variety of industries and moderated by Modulo, we found that many have already started down this maturity path. Key themes that emerged included:

  • CIO/CSOs are increasingly interacting with the boardroom, and the structure of the board depends on the maturity of the company and the industry
  • Collaboration below the board is the key to success
  • Cybersecurity working groups are being formed to present a unified front
  • Need for common CIO/CSO boardroom best practices
  • GRC in the boardroom should be a business enabler"
Scott Koegler practiced IT as a CIO for 15 years. He also has more than 20 years experience as a technology journalist covering topics ranging from software and services through business strategy. He has written white papers and directed and published video interviews.
