How to Effectively Translate IT Risks to Business Risks

I read an interesting article at The CIO Leader titled, “Stop thinking like an IT person“. In summary, the article describes how technology is not the core business for most organizations; rather technology is how you enable and enhance your core value proposition. The article continues to address how CIO’s and IT leaders need to start thinking like their business counterparts, in terms of the financial impact of IT on business operations. This transition is critical in ensuring IT leaders can effectively communicate and inform the organization about technology opportunities to create value.

Are we saying the same thing?

As I continued reading through the article, I saw a lot of similarities to what RiskLens also speaks to regarding technology risk. We can’t just communicate technology risk in technical terms, filled with FUD, and traffic lights. We need to step-up our game and communicate as business leaders. How can we do this?  Three things come to mind.

  1. Formalize our language
    We need to stop using foundational terminology in a casual way and be intentional with the use of key terms. Take a moment and think of someone whom is at the top of their industry. When listening to them speak, are you captivated and impressed? I would argue it’s not just what they are sharing, but how they are sharing it. They are articulate and intentional with their words.
  2. Colors are fun but have limits
    There is limited value in measuring and presenting risk in qualitative terms (colors, labels, etc.). How can business leaders consider, prioritize, and make informed decisions based on shades of yellow? We need to communicate risk for a wider audience – the business – and the most effective way is in financial terms, dollars and cents. 
  3. Work with the CIO to form a balanced perspective
    This bullet point is directly targeting this article. I agree that adding technology into any aspects of operations for an organization can produce value and enhance services. However, with added technology and this “digital world” comes risk. Implemented technology will be depended upon by the users of the organization and typically introduce a certain set of new concerns. Technology often allows information sharing, which can create new confidentiality and integrity concerns. We should ensure that technology opportunities are presented not only with their forecasted benefits, but also their introduced risk.

At RiskLens, we help IT leaders communicate the risk associated with their department to business risk using the RiskLens platform, purpose built on the only standard quantitative risk model called FAIR. Contact us to schedule a demo below.