Risk management: Be afraid

Drive home the fear of failure, says financial services CIO

By Steven Deare

Published: 3 August 2005 12:30 GMT

CIOs should use marketing-style 'fear, uncertainty and doubt' (FUD) tactics to pressurise boards and senior management into properly resourcing and prioritising operational risk management, a veteran CIO claims.

Martin Laing, CIO of Societe Generale's Australian business and a 24-year IT veteran, told delegates at an Alphawest leaders' forum last week that CIOs should "employ the tactics of the sales force of our suppliers" to drive home the threat of failures in day-to-day business processes.

Laing said such operational failures could be highly damaging: "Think of the effect of not making [payments via the Society for Worldwide Interbank Financial Telecommunication messaging and interface system] for a few hours, or a senior executive being caught viewing undesirable internet sites and having that splashed across tomorrow's tabloids."

He said the finance sector's requirement of instantaneous performance and high levels of interfacing between complex systems, combined with rapid change, demanded CIOs be "creative" in maintaining control over operational risk.

"We must create an internal FUD factor that will demonstrate what we are protecting ourselves against," Laing said.

"We need to create the [FUD] and report on the risks and vulnerabilities that exist, and present to our board that direct action is required."

He cited Gartner's recommendation that 3.5 per cent of the IT budget in financial services should be dedicated to security alone - excluding disaster recovery and business continuity planning. Yet he questioned how many financial services providers actually allocated that proportion.

"We must continually show [management] that cutting corners is no longer acceptable behaviour," he said.

IT executives must convey to management that issues such as disaster recovery and business continuity are not just the province of the IT department, said Laing. Final responsibility should lie with company management.

"[It's] very important that the management responsibility for your DR/BCP [disaster recovery/business continuity process] is held outside the IT department.

"Yes, IT will be part of the management team, and should be. But IT, like every other department of your bank, [must be] seen as a contributor in addition to a participant."

Steven Deare writes for ZDNet Australia
