The Deepwater Horizon Disaster - Lessons for IT Risk Management
It is an understatement to say that the BP Deepwater oil spill is a major disaster for the people in the area, for the environment and for BP itself. While we are a long way from having a clear understanding of why it happened, there is growing evidence that it could have been prevented if more effective safeguards had been put in place from the beginning. We see this happen often in the IT world: major projects are taken on, management pushes for them to go live without adequate attention to risk management, and then things go wrong.
There is a strong likelihood that the disaster will bring down BP, as it has already involved a loss of lives and damaged the economic futures of so many people.
It is a risk management failure of the first magnitude and it points, even this early, to several clear lessons for management. For one thing, a business needs to organize itself so as to give real clout to the risk management functions within its team. This means more than giving nominal titles to those people; it means giving them meaningful ways of enforcing their will on overly keen management when major projects are under way. Separate public risk management reports would be helpful. It would also be useful for companies to combine their risk management functions for IT and the rest of the organization. It is getting increasingly difficult for many companies to separate them anyway, and the established expertise of IT risk management personnel would be a help. Some companies have done this, but many have not.
With the scale of major projects taking place in the world today, and the potentially disastrous effects of failure, there needs to be a substantial ramping up of the importance of the risk management function within businesses. The professionals are available for this purpose. We should use them. For an article on the BP Deepwater Risk Management click this link.