In a recent survey conducted by Robert Half Management Resources, the top two areas of potential vulnerability and concern cited by CFOs are disaster recovery (37%) and the security of information systems (24%). A common theme between these exposures is the need to better identify and understand the full range of risks that companies face today and the need for all organizations to develop new ways to more effectively manage these risks. By developing cross-company approaches for addressing all areas of risk, companies will begin to move toward a systematic, enterprise risk management process that most effectively reduces risk and controls cost.
In a comprehensive enterprise risk management program, companies identify and assess potential losses without regard to which department or function they may occur in. Broad categories such as strategic, operational and financial risks are sometimes used to group related exposures. The scope of this exercise is frequently daunting and leads some executives to defer implementation until the board of directors or regulators (such as in the financial industry) require this overarching approach. However, there is a way to reduce the concern related to IT security and disaster recovery without performing a comprehensive assessment.
Most companies exist to produce goods and services. Doing so requires raw materials, processing and a system of delivery. Underlying these processes are support functions such as accounting and human resources. By thinking of information as one of the raw materials, the scope of the risk management process is simplified. The following ten-step program can be used to initiate a relatively quick risk control program for your critical business functions. After completing these measures, you can develop a more comprehensive plan.