Coming to Grips with IT Risk

Coming to grips with IT risk
A report from the Economist Intelligence Unitsponsored by SAPComing to grips with IT risk
Preface
Coming to grips with IT risk is an Economist Intelligence Unit briefing paper, sponsored by SAP. The Economist Intelligence Unit bears sole responsibility for this report. The Economist Intelligence Unit's editorial team executed the survey and wrote the report. The findings and views expressed in this report do not necessarily reflect the views of the sponsor. Terry Ernest-Jones was the author of the report and Rama Ramaswami was the editor. Mike Kenny was responsible for layout and design.Our research drew on a global online survey in October 2006 of 145 senior executives. Our thanks are due to all survey respondents and interviewees for their time and insights.
March 2007
© The Economist Intelligence Unit 2007 1Coming to grips with IT risk
business continuity and the impact of late-running or Executive summary under-performing IT projects.What is the greatest risk to any large business? Most This global survey of 145 senior executives, executives would say it is information technology conducted by the Economist Intelligence Unit on (IT) failure. Companies fear IT collapse more than behalf of SAP, aims to gain a deeper understanding they do terrorism, natural disasters, financial risk of how companies define and mitigate IT risk. The or regulatory constraints-and with good reason, following are some of our key findings: for IT failure can make any business go into a tailspin. IT applications routinely underpin critical ? Complexity is largely to blame for current risk processes throughout a company: supply chain levels. The sheer complexity of IT applications management, customer service, invoicing, payroll and system architectures is the main source of risk and regulatory compliance. Businesses have become exposure. Our survey reveals, however, that there is a utterly dependent on their IT systems. If a new web shortage of skilled project managers who can handle site application crashes or customer records get unwieldy IT projects.corrupted, it can be ruinous. Nonetheless, most companies do not have sound IT ? IT risk management structures are largely risk management processes in place. inadequate. Only 13% of executives say their Many senior managers still view IT risk merely in company has a comprehensive IT risk management terms of security. This perspective is far too narrow: structure in place. Although they believe senior IT risk should encompass possible damage to the full management is aware of the financial risks associated range of IT-related activity, including all aspects of with IT failure, only 11% describe their company's handling of IT risk as "highly effective."
About our survey ? Customer service is the area most affected by IT failure. This results from companies' growing reliance In October 2006 the Economist Intelligence Unit on real-time online interaction. If IT Systems fail, conducted an online survey of 145 senior global customers are only a click away from another company.executives from a variety of industries on their companies' current and planned strategies for ?minimizing IT risk. Fifty-seven percent of the Following loss of customers, revenue loss is respondents are C-level executives. Thirty percent of what executives fear most from IT failure. When the the respondents are located in Western Europe, 31% system is down, customers will buy from other sites. in the Asia-Pacific region, 24% in North America, Another feared consequence of IT failure is damage and the remainder in Latin America, Eastern Europe, to brand and reputation, especially if customer and the Middle East and Africa. Of the respondents information is compromised.surveyed, 54% report that their organisation's annual revenues are less than US$500m; 14% report revenues of US$500m to US$1bn; 14% post annual revenues ? Unplanned downtime is considered the most of US$1bn to US$5bn; 4% report annual revenues of damaging risk. This is much more serious than other US$5bn to US$10bn; and 14% report annual revenues hazards such as viruses or the leaking of sensitive of more than US$10bn. In addition to the survey, we company data. The prospect of IT downtime is of conducted interviews with senior executives worldwide particular concern in the manufacturing and financial to get detailed responses and analys... [download for more]