Revisit Risk in the Age of Digital Transformation

May 03, 2017

Contributor: Rob van der Meulen

The digital world is ever more complex, increasing the importance of risk management.

Many CIOs feel that their organizations are ill-prepared to deal with the many new risks associated with digitalization. Gartner analysts say these concerns are well-founded.

"As most industries evolve, their risk management approaches fail when they encounter previously unknown hazards,” said Robert A. Handler, research vice president and distinguished analyst at Gartner.  “In an IT context, digitalization represents a point of rapid evolution, and it will create new risks."

It is critical that CIOs and program, project and portfolio (PPM) leaders evolve their risk management approach for a digital age.

New and Bigger Risks

It is impossible to know the specifics of how or when an unknown risk will become reality or what its impact will be, but we can foresee some factors that lead to new risks.

“ Multiple small points of failure can cascade into more-serious business risks.”

"Digitalization magnifies risk," added Mr. Handler. "Digital projects connect more and more things together, many of which are not within the direct control of the project leaders."

This trend adds complexity and interdependency to organizational systems, sometimes in an exponential way. The current "need for speed" environment of digital business discourages redundancy. Therefore, potential points of failure proliferate and fragility rises.

"This complexity will accelerate as we connect 5.5 million new things a day to the Internet of Things (IoT)," said Mr. Handler. "Even without that, many IT organizations are already struggling with their focus being limited to their internal systems."

Keeping Pace With Change Is a Challenge

PPM leaders tend to focus on speed of delivery and marginalize the importance of fault tolerance systems. In doing so, they are — often unknowingly — contributing to the fragility of a project and everything that depends on it.

"This is — at minimum — a CIO-level issue," said Mr. Handler. "Most CIOs are familiar with Mode 1 risk management, where risk is linear and has a normal distribution. However, they  are still not using accepted risk management standards to their full potential."

Moreover, increasingly common Mode 2 efforts are experimental and exponentially increase complexity risk. IT leaders and CIOs must simultaneously invest in traditional risk management for Mode 1 while learning to adapt to the uncertainty of Mode 2.

Agility Is Critical

Multiple small points of failure can cascade into more-serious business risks. The examples of recent IT system failures at airlines like Southwest and Delta show how damaging an initially minor problem can become. This underlines the importance of minimizing even small risks with conventional approaches.

Agility is also crucial. Where complexity cannot be reduced, agility improves the response to unknown risks. Use the elasticity of cloud computing to build in slack and reserve capacity, so successful initiatives don't turn into burdens. Maintain adequate human resources, possibly through creative partnering with consultants and system integrators. Monitor more closely for extreme behaviors and extend this monitoring to include operations, partners, the market or anything across the network that could have a significant impact.

"In a digitalized world a failed business system that is connected to a 'thing' can cause physical damage or injury," said Mr. Handler. "Prominent examples include recent smart thermostat failures or accidents with automated cars. These are physical risks to life and property that few IT organizations have ever faced, but must now prepare for."

Experience Information Technology conferences

Join your peers for the unveiling of the latest insights at Gartner conferences.

Drive stronger performance on your mission-critical priorities.