Issues 3-6
Issue 3 - Business Accountability for Security and Risk Management.
Security and risk management is not just an IT issue. It is essential that the IT risk manager, using effective communications skills, persuade the appropriate IT owners and line-of-business managers to accept explicit, written responsibility for residual risk impacting their systems and processes, on either a direct or a dotted-line basis. Risk managers should develop mechanisms for assignment and acceptance of residual risk and risk decisions - for example, signature forms, processes, and policies that address the requirement and execution of risk acceptance. The risk manager should also develop mechanisms to convey residual risk levels that remove reference to technology but still support good risk-based decisions at a business level that may result in the implementation of technical controls.
Issue 4 - Lack of Business Intelligence Sponsorship.
Many IT leaders lament about issues such as the lack of a business intelligence (BI) vision and strategy; and overall business sponsorship and ownership for BI. Meanwhile, many business people believe there is little or no difficulty with BI as they continue using ad hoc methods to make business decisions. Gartner advises clients to use its ‘Business Intelligence and Performance Management Framework' model together with its ‘Four Worlds' model to build a more complete and integrated plan for BI initiatives and to yield greater returns from related business and IT investments.
Issue 5 - How Do I Get My Vendor to Deliver What I was Promised?
Opportunities for dispute abound when it comes to sourcing contracts. While users bear a responsibility to be competent buyers of sourcing services, both sides need to be more flexible in laying out a range of conditions and options that should be addressed in the contract. Vendors have seen most conditions and could therefore alert users when they are about to demand an incomplete or wrong contractual term or condition.
Issue 6 - "Turf"
Control and ownership-related friction that often exists between various IT groups and the enterprise architecture group becomes especially notable when multiple IT groups maintain high-level planning functions. Gartner recommends focusing on three core IT management disciplines - Enterprise Architecture, Business Process Management and Service Management - to streamline different viewpoints and provide the architectural guidance required to build solutions.
