Risk management is ‘broken’ in many manufacturers, says Gartner

Says Paul Proctor, vice president at analyst Gartner: “The increased visibility of risk management in many enterprises has resulted in inconsistencies in the use and application of the term.” He contends that the term ‘risk’ has been appended to many traditional IT functions, such as security, business continuity, management and privacy, without the accompanying changes in the processes and methodologies used for understanding and managing the risk associated with these areas. “This, in turn, has led to poor implementation of risk management as a discipline, limiting its effectiveness for many organisations.” He makes the point that in many companies, specialists with functional areas of responsibility for risk management, operate independently of one another, use different definitions of risk, record information inconsistently and fail to share information. “An enterprise that wishes to better understand and manage the risks to which it is exposed should begin with enterprise-specific risk definitions and an organisational risk hierarchy to which all risk-related specialists can align,” says Proctor. “Although no single definition will work for all enterprises, it is important to start from a common, overarching framework to eliminate overlap, avoid gaps in coverage and ensure good governance.” Gartner says it has identified seven key steps to enable IT managers to understand and manage the risks facing them and allow them to quickly contribute to an enterprise-level risk management effort as their enterprises evolve in that direction: