Management philosophers have held forth for years on the chief role of the chief information officer. We've been told that they must be adept at managing complexity and managing the ever-accelerating pace of change and even managing their bosses' expectations. Let's hurl another esoteric priority into the mix: managing uncertainty.Esoteric, yes, but not theoretical or trivial. In fact, a company's life can depend on its ability to anticipate technological, economic, financial, regulatory, and other big forks in the road. That burden doesn't rest wholly on the IT organization, of course, but IT leaders must be active players in mitigating a wide range of business risks.
As I got to writing about this broad subject, I received a release from Enterprise Management Associates, whose new study on this very same subject (pure coincidence) is both enlightening and disconcerting. "IT risk management is no longer limited to one technology or meant to meet a single regulatory mandate," states EMA research director and study lead Scott Crawford. "It seeks to unify and integrate siloed approaches to managing security, business, technology and trust risks -- aligning them with strategic business objectives to enable the enterprise to consistently manage and measure their control."
True enough. But then the release goes on to say that a "new class of technologies and tools" is available "geared toward flexibility, adaptability, integration and interoperability." This may be the stuff of a business and technology consultant's dreams, but even if these tools are all they're cracked up to be, it's all a bit mind-numbing to the technology pro who wants to get on with real work.
Heaven help us if our nation's IT execs must spend all their waking hours thinking like actuaries, accountants, and lawyers, plotting worst-case scenarios and insulating their organizations not just from risks but also from opportunities.