Over time, environmental complexity increases the probability of failures, dependence on IT increases the impact of those failures that occur, and increased visibility amplifies their impact. While the number and impact of potential failures are rising, IT directly controls less of the infrastructure, has less time to react, and is less able to apply traditional risk management methods to deal with the risk of failure.
We recommend that operations integrate risk management into decision-making in the same way it has already integrated such critical factors as time, money, and labor.
- Risk management should be integrated into operations
decision-making in every job function and role.
- Risk management should be taken seriously and given an
appropriate amount of effort and formality.
- Management at all levels should encourage the view that
identifying risks is a positive activity that is crucial to an
effective risk-management process.
- Risk management should be performed continuously to ensure that
operations deals with the risks that are relevant today, not just
the ones that were relevant last quarter.
Fortunately, formalizing risk management practices is an achievable goal. Organizations can enhance the achievement of this goal by fostering a "risk management culture," as described in the next section.