How to prove that IT = very high risk

The importance of IT to the modern enterprise screams out through high investment, the pervasiveness of the technology, our reliance on its continuing operation and the pain we suffer when it doesn’t work. But above all we see the strategic importance of IT through its critical role in building efficiencies and the ways in which IT enables business to make its strategic moves.

But you can’t survive simply by fighting yesterday’s battles. IT continues to develop rapidly and to provide opportunities to improve every facet of business. Innovations are not just in terms of computing, but increasingly in dramatic changes to communication and collaboration technology, linking directly and instantaneously to customers and suppliers.

The shine has been removed from the apple many times before, however. A high rate of failure has been experienced in development, deployment and operation of IT – IT has been proven to be high risk:

Development: Statistics, such as the long-running Standish Group CHAOS reports,1 show that IT projects generally do not deliver the benefits that were expected of them. It is commonplace that projects come in late and over budget – and many are not even completed. The impacts of IT failures have been significant for the costs of failed development, the loss of anticipated business advantages and for the organizational cost of failure.

Deployment: Increasingly IT is not ‘developed’ in-house, rather ‘deployed’. Package, off-the-shelf applications are implemented with great challenges in modification, integration and testing. Costs can vary from the trivial to many millions yet management here can be patchy. Only the larger tasks are formally project-managed, and rarely do organizations keep track of the complex configurations of application, middleware and infrastructure.

Operation: The branch operation of a global corporation may have no direct responsibility for development or deployment of IT – this may all be handled by outsource partners, global fly-in teams or even remotely. Yet local management must ensure that the business keeps running and for this IT may be critical. Your managers need to know the risks that they are facing in trying to manage the service levels being provided to customers.