The new model for managing enterprise risk management


October 27, 2014
CIO Security

CIOs are faced with pressures to implement, change, and maintain secure and operational environments — 3 opposing forces. It's no wonder so many CIOs report difficulty meeting expectations, and that CIO tenure hovers around 3 to 4 years. Reporting to the board room can be a harrowing experience for many, but talking about information risk management may be near the top of the list as a 'white knuckle' experience.

Stephen Gant, general manager of Modulo, thinks that CIOs are in the right spot to lead their enterprises in protecting their information.

"Today’s CIO is optimally positioned to lead the path toward standardized and harmonized information risk management within their organization. After capital, information is the single most important commodity upon which an organization relies. An organization’s information technology infrastructure underlies absolutely every aspect of daily business and, by extension, impacts reputation management, intellectual property, disaster recovery planning, marketing, legal, human resources, and even finance. Soon, the CIO will necessarily rival the CFO in his/her ability to provide key metrics to the board and shareholders about business performance.

To do this, the CIO will need to incorporate both the top-down view of risk typically generated by a Chief Risk Officer (CRO) and the CISO’s bottom-up approach to risk management. The CRO often helps define company Key Risk Indicators (KRIs) through enterprise risk management techniques. The CISO provides critical visibility into residual and real business risk based on the ability to link assets to lines of business and processes. Combining these approaches gives the CIO a natural foundation to lead the maturity path toward enterprise-wide governance, risk, and compliance (GRC) and performance as well as the harmonization of risks: cyber/IT, third-party supplier, business continuity, operational, and enterprise.

In a recent strategic boardroom discussion with over twenty CIO/CSOs from a variety of industries and moderated by Modulo, we found that many have already started down this maturity path. Key themes that emerged included:

  • CIO/CSOs are increasingly interacting with the boardroom, and the structure of the board depends on the maturity of the company and the industry
  • Collaboration below the board is the key to success
  • Cybersecurity working groups are being formed to present a unified front
  • Need for common CIO/CSO boardroom best practices
  • GRC in the boardroom should be a business enabler"
Scott Koegler practiced IT as a CIO for 15 years. He also has more than 20 years experience as a technology journalist covering topics ranging from software and services through business strategy. He has written white papers and directed and published video interviews.
