
Drive home the fear of failure, says financial services CIO
By Steven Deare
Published: 3 August 2005 12:30 BST
CIOs should use marketing-style 'fear, uncertainty and doubt' (FUD) tactics to pressurise boards and senior management into properly resourcing and prioritising operational risk management, a veteran CIO claims.
Martin Laing, CIO of Societe Generale's Australian business and a 24-year IT veteran, told delegates at an Alphawest leaders' forum last week that CIOs should "employ the tactics of the sales force of our suppliers" to drive home the threat of failures in day-to-day business processes.
Laing said such operational failures could be highly damaging: "Think of the effect of not making [payments via the Society for Worldwide Interbank Financial Telecommunication messaging and interface system] for a few hours, or a senior executive being caught viewing undesirable internet sites and having that splashed across tomorrow's tabloids."
-- Martin Laing, CIO, Societe Generale Australia
He said the finance sector's requirement of instantaneous performance and high levels of interfacing between complex systems, combined with rapid change, demanded CIOs be "creative" in maintaining control over operational risk.
"We must create an internal FUD factor that will demonstrate what we are protecting ourselves against," Laing said.
"We need to create the [FUD] and report on the risks and vulnerabilities that exist, and present to our board that direct action is required."
He cited Gartner's recommendation that 3.5 per cent of the IT budget in financial services should be dedicated to security alone - excluding disaster recovery and business continuity planning. Yet he questioned how many financial services providers actually allocated that proportion.
"We must continually show [management] that cutting corners is no longer acceptable behaviour," he said.
IT executives must convey to management that issues such as disaster recovery and business continuity are not just be the province of the IT department, said Laing. Final responsibility should lie with company management.
"[It's] very important that the management responsibility for your DR/BCP [disaster recovery/business continuity process] is held outside the IT department.
"Yes, IT will be part of the management team, and should be. But IT, like every other department of your bank, [must be] seen as a contributor in addition to a participant."
Steven Deare writes for ZDNet Australia
Significant understanding of the server OS and storage technologies used to achieve high levels of business continuity and disaster recovery for web ...
Do you have an understanding of Business Continuity, Data Protection and Security? The second role focuses on other key market segments for HP, ...
Significant understanding of the server OS and storage technologies used to achieve high levels of business continuity and disaster recovery for web ...
CIO50 2008
The silicon.com CIO50 2008 profiles the most influential and innovative tech chiefs in the UK across all industries and organisation size, from the biggest FTSE100 companies to high growth dot-com start ups and the public sector. The list was voted on by the UK CIO community and a panel of experts. Find out more in our latest special report.
July 10th: Just MASH Marketing: The Customer Reference Mashup
GMP Calibration Software Implementations: Containing Costs and Managing Risk
Braskem: Invests in Intel Processor-Based Hardware Consolidation and Standardization...
AGA Linde Healthcare Transforms Sales and Service Processes With PeopleSoft Enterprise...
Stories from the web...
Copyright ©1995-2008 CNET Networks, Inc. All rights reserved. Top of page
Simon Moores Why I'm planning a change of career IT just isn't fun any more…
Martin Atherton Time to green-light sustainable IT But think it through first…