The new model for managing enterprise risk management


October 27, 2014
CIO Security

CIOs face pressure to implement, change, and maintain secure and operational environments: three opposing forces. It's no wonder so many CIOs report difficulty meeting expectations, and that CIO tenure hovers around 3 to 4 years. Reporting to the boardroom can be a harrowing experience for many, but talking about information risk management may be near the top of the list of 'white knuckle' experiences.

Stephen Gant, general manager of Modulo, thinks that CIOs are in the right spot to lead their enterprises in protecting their information.

"Today’s CIO is optimally positioned to lead the path toward standardized and harmonized information risk management within their organization. After capital, information is the single most important commodity upon which an organization relies. An organization’s information technology infrastructure underlies absolutely every aspect of daily business and, by extension, impacts reputation management, intellectual property, disaster recovery planning, marketing, legal, human resources, and even finance. Soon, the CIO will necessarily rival the CFO in his/her ability to provide key metrics to the board and shareholders about business performance.

To do this, the CIO will need to incorporate both the top-down view of risk typically generated by a Chief Risk Officer (CRO) and the CISO’s bottom-up approach to risk management. The CRO often helps define company Key Risk Indicators (KRIs) through enterprise risk management techniques. The CISO provides critical visibility into residual and real business risk based on the ability to link assets to lines of business and processes. Combining these approaches gives the CIO a natural foundation to lead the maturity path toward enterprise-wide governance, risk, and compliance (GRC) and performance as well as the harmonization of risks: cyber/IT, third-party supplier, business continuity, operational, and enterprise.

In a recent strategic boardroom discussion with over twenty CIO/CSOs from a variety of industries and moderated by Modulo, we found that many have already started down this maturity path. Key themes that emerged included:

  • CIO/CSOs are increasingly interacting with the boardroom, and the structure of the board depends on the maturity of the company and the industry
  • Collaboration below the board is the key to success
  • Cybersecurity working groups are being formed to present a unified front
  • Need for common CIO/CSO boardroom best practices
  • GRC in the boardroom should be a business enabler"
Scott Koegler practiced IT as a CIO for 15 years. He also has more than 20 years of experience as a technology journalist covering topics ranging from software and services through business strategy. He has written white papers and directed and published video interviews.
