Mitigating risk means effective management

Every day businesses are exposed to many different types of risks, be it to their data; through virus infection - productivity; through labour problems - or assets; through natural disaster or terrorist action.

J"urgen M"uller, a director of Quintica, the South African representative of Marval Corporation and the distributor of the Marval Service Management (MSM) application, looks at the risks companies are facing today, and suggests options for their mitigation.

Risk management is a multi-disciplinary field and covers a large and overlapping range of business areas.

This is clearly underlined in the Municipal System Act of 2000, which establishes a framework for risk management that includes planning, organising, co-ordinating and controlling the effective use of resources and organisational change within a business context.

With the disaster in London on 7 July 2005 still fresh in most minds, it is appropriate that the focus of this article should fall on corporate assets and their safeguarding.

Not only is the maintenance and management of corporate assets sound common sense, they are the fundamental requirements of "good governance" legislation.

Globally, good corporate governance is now an entrenched aspect of the business landscape. The principles that devolve from the Sarbanes-Oxley and King II reports apply across all aspects of risk in business.

Against the backdrop of threats to the well-being of individuals and companies today, there are real business benefits to be gained from embracing the opportunities presented by the concept of risk management.

From a corporate assets perspective, deployment of asset risk management strategies provides decision-makers with real-time, easy access to information that will allow consistently high-quality decisions to be taken, no matter what the threat.

Asset risk management is also about risk model development, the formulation of process review procedures, as well as investment decision-support tool specification and development.

Risk models define the risk criteria and tolerability while predicting the effects of an asset failure on the business - and whether the business can tolerate it or not.

Review procedures assist managers to understand how well their risks are being managed through existing controls, while investment decision-support tools help determine what level of control is appropriate. This is after having conducted a detailed analysis of associated costs and benefits of each risk mitigation strategy.

In addition, risk management strategies should involve the institution of comprehensive and fully transparent monitoring and reporting processes with built-in incentives to encourage desired behavioural change.

Risk management applications should also enable organisations to address corporate governance requirements by facilitating the development - and supervising the maintenance - of real-time hardware and software asset registers.

The understanding of what assets are where in the organisation, as well as who is using them and what they are being used for, will help an organisation to define and enforce governance policies down to individual user level.

This understanding will also help organisations to build and maintain an historical record of changes to the status of all assets for audit and forensic purposes.

Central to asset risk management is the development of appropriate strategies to address disasters - natural or otherwise.

Asset risk management procedures will dramatically reduce the time needed to restore critical business services in the event of their disruption.

It will also reduce the need for - and costs associated with - the procurement of new equipment by being able to pinpoint the exact location of damaged items, for possible re-use.

Asset risk management solutions will also reduce the exposure of staff and technicians to the hazardous conditions that often accompany a disaster - such as fire, chemical spill or compromised structural integrity of the buildings - by being able to pinpoint exactly where equipment and critical resources are located.

From an IT point of view, asset risk management will help identify the available server capacity across the organisation for the re-housing of critical resources, at the same time providing detailed lists of equipment destroyed, lost and recovered to aid the work of the insurance assessors.

The Information Technology Infrastructure Library (ITIL) is a set of best practices used to deliver high quality IT services. The best practices described in ITIL represent the consensus derived from over a decade of work by thousands of IT and data processing professionals' worldwide, including hundreds of years of collective experience.

Because of its depth and breadth, ITIL has become the de facto world standard for IT best practices.

From a disaster recovery perspective, many companies have experienced the frustration associated with attempts to create order out of chaos following a catastrophic event.

ITIL has emerged as a different approach to disaster recovery - and asset risk management - by focusing on the critical business processes and disciplines needed to deliver services, particularly around IT.

By defining IT quality as the level of alignment between the actual services delivered and the actual needs of the business, ITIL serves as a common point of reference for the company and its business units as it sets out to make up for lost time following a disaster.