
CIO Insight Summit, June 2006 Greg Hughes Executive Vice President Symantec Global Services


Presentation Transcript


  1. CIO Insight Summit, June 2006. Greg Hughes, Executive Vice President, Symantec Global Services

  2. Consolidation Opportunity (and Risk) Knock: Five Steps to Get from Current to Best Practice IT Risk Management

  3. Take calculated risk. That is quite different from being rash.

  4. There are risks and costs to a program of action. But they are far less than the long-range risks and costs of comfortable inaction.

  5. A lot of people approach risk as if it’s the enemy, when it is really fortune’s accomplice.

  6. Agenda
     • Increasing Challenge of IT Risk and Cost
     • Five Steps to Effective IT Risk and Cost Management
     • Symantec Global Services Capability

  7. Top CIO Priorities for 2006 / Top IT Spending Priorities / Top Business Priorities
     • Security
     • Application Integration
     • Compliance/risk management
     • Disaster Recovery / BC
     • ERP
     • Aligning IT and business goals
     • Risk management and business continuity
     • Controlling IT costs
     Sources: Goldman Sachs, Americas Technology, Improvements a Whisper, Not a Scream; State of the CIO Study, CIO Magazine, 2005.

  8. Key IT Questions From the Board of Directors
     • Disaster Recovery: Has anything changed in disaster recovery and security that will affect our business’s continuity planning?
     • Security: Do we have adequate protection against denial of service attacks and hackers?
     • Incident Response: Are there fast-response processes in place in the event of an attack?
     • Data Storage: Do we have management practices in place to ensure 24/7 levels, including tested backup?
     • Risk Management: Are there any possible IT-based surprises lurking out there?
     Source: Harvard Business Review; Information Technology and the Board of Directors, October 2005

  9. Unleash Greater Innovation by Reducing IT Costs and Risks
     [Chart: IT Cash Cost on a 0% to 100% scale, split into Infrastructure Cost, Administration, App. Maintenance and Innovation]
     Source: McKinsey & Co. BTO Practice, IT cost survey

  10. Example: Themes From Wall Street
     • Focus on security → Concern about IT risk broadly
     • Narrow CISO role → Expansion into IT risk management role
     • Unmeasured risk → Innovation around IT risk reporting
     • External applications → All applications, internal and external
     • Storage is storage → Storage must be secure
     • Protecting the firm → Protecting the extended enterprise
     • Running tests → Testing as a normal course of business

  11. IT Risk Management: An enterprise-wide approach to improving processes, people and systems to achieve the organization’s preferred balance of IT costs and risks
     • Incorporates an analytical, systems methodology
     • Provides IT and business leaders robust decision support
     • Encourages protection of that which requires protection
     • Manages cost while maximizing performance benefits

  12. Leading Companies Take 5 Steps to Manage IT Risks: In Framework of Business Risk Management
     1. Develop IT risk awareness
     2. Quantify business impact
     3. Determine appropriate IT risk tools
     4. Align costs to IT risks
     5. Build institutional capability

  13. Step 1: Develop IT Risk Awareness to Business
     [Diagram labels: Business Risk; Operational Risks; Financial Risks; IT Risks; Non-IT Risks; Security Risk; Availability Risk; Performance Risk; Scalability Risk; Recoverability Risk; Compliance Risk]

  14. Step 2: Quantify Business Impact, Starting with a Business Impact Assessment
     Business Impact Assessment
     • Critical Business Functions
     • Customer Losses
     • Financial Costs
     • Legal/Statutory Penalties
     • Operational Dependencies
     Business Input
     • Line managers, production leaders, functional managers

  15. Step 2: Quantify Business Impact: Stock Market Rewards Companies with Lower Risk
     Stock Price Performance of Companies That Experience a Major Operational Disaster. Sample size = 15: U.S. companies – 8, European – 6, Asian – 1
     [Chart: Cumulative Abnormal Return % against Trading Days after the Event (0 to 250), with one curve for Recoverers and one for Non-Recoverers; annotations +10% and -15%]
     Source: The Oxford Executive Research Briefing, The Impact of Catastrophes on Shareholder Value

  16. Step 3: Determine Appropriate IT Risk Tools: Understand Range of Tools Available to Manage IT Risks
     Managing IT Risks:
     • Technology for IT Risk Management
     • Information Sources
     • IT Best Practice Processes
     • Organization & Education

  17. Step 3 (Determine appropriate IT risk tools): Causes of IT Failure
     Causes of failure and frequency, by category:
     People
     • Lack of proper architecture expertise: 60%
     • Weak functional product knowledge: 53%
     • Insufficient training in troubleshooting and resolution: 53%
     • Fragmented/incomplete skill sets: 40%
     Process
     • Insufficient crisis management plans: 60%
     • Weak IT project execution rigor: 60%
     • Inconsistent enforcement of policies and standards: 47%
     • Lack of plans to support increasing capacity and changing business needs: 40%
     • Poor internal communications across functions and regions: 33%
     Technology
     • Poor fit between product functionality and requirements: 47%
     • Environmental performance limitations: 33%
     • Incompatible versions/patches/technologies: 27%

  18. Step 3 (Determine appropriate IT risk tools): A Call to Action. Top Three Things to do Tomorrow
     • Plan before you act
       • Establish escalation paths and crisis plans ahead of time
       • Thoroughly test in development and staging environments
       • Allocate proper time and resources for upgrade events
       • Have a contingency plan and rollback option
     • Ensure your IT organization has the right skills
       • Inventory and assess your staff’s skill set
       • Build or engage external expertise up-front to properly design and architect your systems against business needs
       • Provide training on operating and troubleshooting the infrastructure
     • Create and enforce global policies and standards
       • Define security policies
       • Set hardware, software, patch/upgrade standards and policies
       • Create mechanisms to share best practices and learnings

  19. Step 4: Align Costs to IT Risk By Segmenting Service Levels
     [Chart: Cost against Risk]
     • “Platinum” Service Level (e.g., ERP)
     • “Gold” Service Level (e.g., Partner Extranet)
     • “Bronze” Service Level (e.g., Intranet)

  20. Step 4 (Align costs to IT risks): Example: Define Recovery Service Levels

  21. Step 5: Build Institutional Capability
     • Overall Strategy and Risk Posture
     • Governance
     • New or Expanded Leadership Roles
     • Reporting and Information Systems
     • Skills Building
     • Awareness and Culture Changes
     • Planning and Testing

  22. 4 Common Issues Customers Face – Managing Risks
     • Lack of Insight and Misaligned Priorities
     • Unreliable Processes
     • Critical Gaps in People Expertise
     • Inflexible Technology Foundation

  23. Symantec Global Services
     • We help organizations reduce IT cost and risks and achieve rapid, significant and lasting value from Symantec solutions
     • Deep technology expertise
     • Real-world implementation understanding
     • Cross-platform capabilities
     • Unique proprietary insight into nature of IT risks
     Global Reach: North & South America, Asia Pacific & Japan, Europe, Middle East, Africa
     • 700 Consulting
     • 200 Education
     • 1900 Enterprise Support
     • 1900 Consumer Support

  24. Symantec Customers Managing Risk
     • Managing risk: Security; Performance; Availability; Recoverability
     • Industries: Healthcare; Retail; Automotive; Pharmaceutical

  25. • IT risk is a new part of our role
     • IT risk can be managed
     • Symantec can help

  26. Q&A
