Analysis of Risk ManagementInformation technology(IT) Industry
Of United Kingdom
This paper is an analysis of the Interview conducted on Senior
Managerial staff of the IT Industry of United Kingdom. The
Interview was scheduled with some of the most promising IT leaders
of the country and their consent and effort to answer honestly was
appreciated. A set of nine questions were asked from the
interviewees and their answers were recorded. The sessions were
conducted both individually and in groups to avoid information bias
of any sort. The answers were then arranged and analyzed and put
into this format for the readers conveniencePlease note that the
names of the Companies and their employees are strictly protected
by Our Code of Confidentiality.
Interview Analysis
The following questions were asked in the same order. Each
question below is followed by a detailed analysis of the
interviewees answers. A total of nine questions were asked from a
group of Ten Respondents, all of who are positioned as Senior
Managers in their respective Companies.
Question : 1Do you follow risk management procedures at your
organization?Answer : 1The respondent answered that Risk Management
Procedures and their compliance is an important part of the Ethical
Framework of their organization. They believe that risk management
is the core of each and every technical institute as no
organization can construct any new objectives and hope to achieve
them without gathering firm knowledge about the risks facing their
company and ways of cutting through them. The respondent further
went on to say that an entire department was specifically devoted
in the recent years to undertake the task of identifying each and
every risk and potential threats to the organization and making
sure that contingency plans were developed in response to them.The
respondent told that many seminars informing the employees and
managerial staff about the importance of risk awareness are
conducted throughout the year with the intention to combat extreme
and anticipatory risks of all kinds.
Question : 2What are the benefits of having risk management
procedures at your organization?Answer : 2The respondent believes
that risk is a part of everyday life, something thats unprecedented
and unapproachable. Risk management minimizes the probability of a
project failing whether it is performance related, financial or
scheduled. Some, not all of the projects sustained by the IT
industry are either not submitted on time or not completed at all.
There is a generalized attitude in the organizational environment
that risks are healthy and a part of the business. However, risks
do reduce the sustainability of the organization and makes it more
vulnerable to the entire corporate world. Organizations that
prioritize risk management will see the rapturous benefits of it in
many areas. First and foremost, the implantation of proper and
working Risk management procedures and techniques will have a
growing effect on the strategic planning of the business. This
happens in the way that top level managers, when discussing new
strategic moves and techniques for the business will now consider
many factors that can and will affect the business in either the
future or the near present. They will then decide the kind of
effect the factor will have, either its a positive effect or a
negative one. These factors study not just the risk the business is
going to face but also the opportunities and threats these factors
are likely to pose for the business. Analyses and study of these
trends then help the business plan its strategic moves in a very
coherent and responsible fashion.Secondly, the respondent believes
that risk management procedures makes more of an effective use of
the resources of the organization. To understand this, the
respondent says, one needs to understand that every organization or
business has only a limited amount of resources, which if not
allocated properly, can have the severe effects of breaking down an
organization. Proper use of the limited resources is a must. Risk
management procedures in the IT industry have helped shaped the way
resources of a company are used. Once the senior managers have an
inkling about all the risks involved in the business and how these
risk factors can be taken care of both on financial and procedural
terms, then resources will not be misplaced or under or over used.
A proper guide to effectively use the resources of a business ,
making sure that they are distributed evenly and appropriately in
the adequate departments is what a fully functioning risk
management system provides us with.Apart from this, delivering the
projects on time and ensuring that there are no breakdowns of any
sort is a huge additional advantage of having a carefully installed
risk management procedure system in your organization. According to
the respondent, once a firm is aware of the potential risks it
faces in the long and short run, it automatically involves itself
in providing secure financial backup to the projects which in turn
ensures the completion of projects on a timely basis. Also since
there is regular backup, along with a close monitoring of the
probable risks to the organization, the project managers can plan
ahead of any problem or risk occurrence. The respondent also
believes that risk management procedures create a more risk focused
culture for the organization. This is because maintaining a proper
functioning risk management department provides a basis for
constant risk discussions throughout the organization, involving
all employees, at all levels, to become a part of the risk
inflammatory policies of the organizations. This allows for better
and more thoughtful insights and healthier decision making keeping
risk as the focus at the all levels.Risk management procedures also
are an effective way of enhancing the cost efficiency of the
organization as all financial data is thoroughly assessed and
analyzed routinely and contingency strategies are created which
facilitate improved decision making capabilities within the
executive and director levels, and in other layers of
management.
Question : 3Do risk management procedures add value to the
organization?Answer : 3According to the respondent, adding value to
any organization is one of the key elements of risk management
procedures. There is no better way to facilitate your organization
in terms of strategic and financial compliance than through risk
management. What most people fail to understand about the Risk
management theory is that its not just about successfully and
carefully avoiding those critical risks that can overthrow the
welfare of the business but risk management is also concerned with
making sure that organizations take the necessary risks that are
crucial to the success of the organization. Risk is generally
associated with an alarming factor that can destroy the functioning
of the organization, lead to losses or handicap the organization
strategically so that the name of the business remains nothing but
a farce amongst the corporate world in the years to come. However,
risk is perfectly fine at a considerable level and the management
of the organization needs to decide what this level must be in
order to gain advantage of opportunities that come wrapped in the
form of risks. The respondent said that value addition is the
accommodation of those benefits into the business which are a
honest reflection of the image of an organization. Risk management
procedures add value to the business in two ways. First and
foremost, they are known to create shareholder value. Secondly,
value is generated by competitive advantage. It is assumed that
unless a great many strategies, actions and techniques are not made
a basic part of the whole corporate plan of the organization, the
main purpose of risk management wont be achieved. It must be
remembered that the success of the risk management procedures is
directly proportional to the success of the organization. The risk
management procedures create value not only at the micro level but
also at the macro level of corporate governance. Value for
shareholders is created In the essence that risk management
procedures wish to incorporate this into every employees brain that
decisions must be prioritized on their basis of adding value to the
business which can also be called corporate value.Shareholders
value is basically the concept that companies will provide more to
the shareholders in returns than they initially invested in the
company. If this happens then positive shareholders value is
created. If the returns are less compared to the investment, then
value is not generated. Instead negative value is instilled In the
organization. The generation of value, is at the centre of the
organization.
Question : 4What are the important factors that affect risk
management procedures at your organization?Answer : 4The respondent
replied that indeed there are many factors that affect the risk
management procedures at their organization. These are as follows
:1. Risk perception and risk culture The respondent claimed that
for any firm to be successful and remain in competition with major
firms, it is important for it to have the right working environment
and culture. There isnt enough importance that can be placed over
this issue. A working environment where everyone is objective and
aiming to learn something new every day is a must for risk
management procedures to work efficiently and effectively. But
whats more important is a culture that is aware of all the risks
that the organization faces everyday and more importantly perceives
these risks in the right manner and the way they ought to be
perceived. On the whole, the culture of an organization varies
greatly from each department to each employee. Just as no two
employees will have the same views or opinions about each and every
issue. Similarly, no two departments will have the same thought
over anything. Differences in understanding the risks associated
with an organization is also because the reasoning and logical
power of different departmental employees is different. People at
the top of the management are there for a reason, because their
cognitive skills are much better than employees at lower levels of
management. Therefore, managers at the top level will always be
thinking out of the box and beyond the wall. While lower level
managers will have mostly physical and communication skills. With
this difference in skills and knowledge, many times lower level
managers and employees believe that risk taking and risk handling
is meant for the top management and isnt their responsibility. This
is a huge reason for the fact that many organizations only act on
the risks when they feel knew deep in shallow waters. In other
words, only when the danger of the risk is too imminent. However,
the way it should be is that the whole organization should be made
aware of all the risks associated with all working sectors of the
organizations. If we have a risk that we know of, the whole
management works towards resolving it. However , there is no
department in many organizations that is solely dedicated to
educating its employees about all forms of risks that could
endanger the firm. This is one of the main factors that affect the
risk management procedure that affects the organization.2. Risk
Technology
Technology plays a vital role in almost all spheres of life. In
organizations, it provides a lot of help not only with employees
work but also can play an important part in determining the risks
associated with the organization. Technology is an asset for the
organizations as it creates a basis for recognizing the risks and
handling them. However, according to the respondent, there are not
many software present at the moment in the IT industry which help
to forecast the risks instead of just relaying basic data.
Organizations are looking for software that will not only be able
to record huge amounts of data but also compute and analyze any
risk lurking on the horizon. According to the respondent, these
programs will be specifically tailored to meet the needs of
employees and senior managerial staff.
3. Risk Monitoring and ControllingRisk monitoring and
controlling is yet another factor that affects the Risk management
procedures of our organizations . Risk monitoring is the hunt for
new risks through constant monitoring of data, reviewing old risks
and keeping track of areas that are readily affected by risks. The
respondent says that our organizations are well quipped with
instruments required to monitor the risks we might face, but these
instruments dont determine the quality of the risks. By quality we
mean how dangerous this threat or risk really is. There is no
particular scale to define this. And unless that can be determined,
we waste precious time over sorting each kind of risk whether it is
direct threat to the business or not. This whole process uses up a
lot of time which makes the employees bored, feeling useless and
totally worthless and the time wasted over sorting out each and
every other threat of data could certainly be used more
productively.
Question : 5What are weaknesses in the risk management
procedures at your organization?
Answer : 5
The respondent answered that risk management procedures at
organizations was facing many loopholes at the present time.
Firstly, there is no proper tracking software developed yet that
can analyze the risks affiliated with an organization. It is too
difficult to keep track of all the data, both past and present, and
even more difficult to make assumptions based on intuition. A
proper system of controlling and interpreting the data and its
quality to analyze which data could pose a threat to the system
will be a great improvement. Determining the quality of risk prone
data is also very important because the quality crises could lead
to huge amounts of time being uselessly wasted when there is no way
to sort the data and employees have to undergo each and every data
log. A device should thus be made available which not only
interprets and analyzes data but also uses motion sensors to
analyze the quality of the data to determine which form of risk the
data would constitute.Secondly, the respondent said that creating a
culture that supports risk awareness is essential to the success of
any organization. Employees must be given hands on training from
senior professionals about risk taking, risk handling, risk
analyzing and acquiring potential risks from the data available. A
culture that is rich in employee risk awareness and where each and
every employee is working towards solving the problems of the
business should be made.Thirdly, the respondent said that risk
management will only work so far as to aid the management in
decision making. It will not make the decisions for the
organization. This needs to be remembered. Managers cannot hope
that they can feed the software and programs with risk inflicted
data and they will get a set of decisions or options to choose
from. Practically, this is impossible. No one software or computer
logistics program has been designed yet that can actually make the
decisions for you. So this limitation of risk management procedure
must be kept In mind while you are installing them in your
organization.
Question : 6What is the role of top management in risk
management in your organization?Answer : 6The respondent said that
top management plays a vital role in risk management procedures at
organizations. Risk management serves as a framework for the
competitive edge of an organization. Top level managers here should
follow a liberal and friendly approach in order to create the kind
of culture that is required of inducing risk awareness amongst the
employees of all levels and making certain that all of them
understand the complications associated with and of analyzing and
computing risks and imminent threats and opportunities to the
organization.Top managers must also posses the kind of skills
required to assess the risks that are within the vicinity of the
organization. These are particularly cognitive skills and
communication skills. Cognitive skills are those which help an
individual see beyond the wall. This doesnt mean itll literally
give you superhuman powers. What it means is that it will give you
sufficient amount of functioning knowledge so that you can judge
what might happen due to a certain trend or a particular factor.
For instance, if the economic situation is going diverse, is it
going to be better to keep our non monetary assets with us or would
it be better to sell them off? These kinds o questions can only be
answered by a person who has enough experience and knowledge to
deal with such situations. Top managers must also be able to
differentiate between different types of risk and see how one of
them affects the other. There are opportunity risks, speculative
risks, threats, risks of losses etc. When a manager distinguishes
between these risks, he must then be able to see the domino effect
of these with others. They also have the duty to address the risk
map whenever they can. The risk map is basically a tool that is
used to find out alternatives of the traditional risk managing
techniques. The basic point is, anything that feels out of the
ordinary can pose a threat to the organization and it is the duty
of the top management to procure proper decisions either in favor
of the risk or against it.An organization uses risk management to
anticipate the probability of a negative impact and therefore risk
management requires the support of the top level management at all
costs.
Question : 7What is the role of communication and culture in
risk management in your organization?Answer : 7The respondent
answered that most organizations now have faith in the saying that
communication does matter a lot. Employees from different levels
have varied opinions on this and they base their conclusions on
these very opinions. Sometimes, employees at the lower level might
be satisfied with just receiving orders from the top as that means
they have to put little or no effort into using their own brains.
However, many times employees might strive to become part of the
communication process. Internal communication of a business I
extremely important when trying to understand, analyze, mitigate
and resolve the risks associated with an organization. If there is
no proper channel of internal communication, then sending the
message across will be very difficult task indeed.Thus proper
Communication is a very important tool when dealing with risks.
Managers must be effective in their communication skills and must
be able to pass on or convey all the important duties and
obligations and the expectations that they have from the lower
level employees. Communication plays a very important role in
deciding what opportunities must be used and when and how to
achieve what the organization hopes to achieve. The respond also
claims that IT Industry is an industry which is prone to quick
changes and businesses that dont adapt to these changes might be
left out of the race. Thus for employees to keep up with a changing
environment and culture, it is important for them to have
communication channels open for them.Culture also plays a very
vital role in making sure that risk management procedures are
working effectively and efficiently. Culture is basically the set
of beliefs, attitudes, ideas and feelings that are the reason for
how a person acts. Culture is the backdrop of a persons behavior.
Culture differs from country to country and also from organization
to organization. An organizational culture is very important in
aesthetic point of view. The identity of an organization is
determined by its culture. Culture of an organization should be
such that it collaborates with the risks taken by the organization.
IT must be parallel to the changes and the reasons for those
changes. Risk would cause strategies to change undoubtedly and
culture should be flexible enough that it can bend easily to the
manifestations of the management.
Question : 8What is the role of organization structure in risk
management in your organization?Answer : 8The respondent said that
organization structure basically consists of all the internal
workings, the communication processes and employee relationships
with each other. Structure is formed of all the hierarchy of an
organization and the spans of control and communication channels
within the organization. An organization structure determines who
answers to whom and who is directly working under whom. The
structure of an organization is constructed in such a way that it
directly coincides with the duties and responsibilities of
employees. When a risk management system exists in the
organization, the structure of the organization needs constant
change and improvement. It needs to be reviewed and changes need to
be adapted to. This is essential as without it, the employees
cannot coordinate and work In a team and without that the risks
will not be eliminated.
Question : 9What is the role of trust in risk management in your
organization?Answer : 9Trust , without a doubt, is important for
the efficient working of every organization. Trust always has two
sides to it, that of the trustee and that of the trustor. According
to the respondent, trust is vital in IT organizations because
without trust team work and team compliance is a mere dream. The
goals of an organization cannot be achieved without there being
trust between all the individuals of an organization.When using
risk management procedures, trust is essential to make sure that
orders are carried out in time, without delay, as even a minutes
delay could lead to the organization being affected diversely. The
top management must have trust in the lower level employees that
their orders will be carried out with effect. In the same way, the
lower level employees must be sure that whatever the top management
is deciding is beneficial for the organization as well as them on
individual basis. Also, it must always be remembered that trust and
communication goes hand in hand.
