Drive home the fear of failure, says financial services CIO
By Steven Deare
Published: 3 August 2005 12:30 GMT
CIOs should use marketing-style 'fear, uncertainty and doubt' (FUD) tactics to pressurise boards and senior management into properly resourcing and prioritising operational risk management, a veteran CIO claims.
Martin Laing, CIO of Societe Generale's Australian business and a 24-year IT veteran, told delegates at an Alphawest leaders' forum last week that CIOs should "employ the tactics of the sales force of our suppliers" to drive home the threat of failures in day-to-day business processes.
Laing said such operational failures could be highly damaging: "Think of the effect of not making [payments via the Society for Worldwide Interbank Financial Telecommunication messaging and interface system] for a few hours, or a senior executive being caught viewing undesirable internet sites and having that splashed across tomorrow's tabloids."
-- Martin Laing, CIO, Societe Generale Australia
He said the finance sector's requirement of instantaneous performance and high levels of interfacing between complex systems, combined with rapid change, demanded CIOs be "creative" in maintaining control over operational risk.
"We must create an internal FUD factor that will demonstrate what we are protecting ourselves against," Laing said.
"We need to create the [FUD] and report on the risks and vulnerabilities that exist, and present to our board that direct action is required."
He cited Gartner's recommendation that 3.5 per cent of the IT budget in financial services should be dedicated to security alone - excluding disaster recovery and business continuity planning. Yet he questioned how many financial services providers actually allocated that proportion.
"We must continually show [management] that cutting corners is no longer acceptable behaviour," he said.
IT executives must convey to management that issues such as disaster recovery and business continuity are not just be the province of the IT department, said Laing. Final responsibility should lie with company management.
"[It's] very important that the management responsibility for your DR/BCP [disaster recovery/business continuity process] is held outside the IT department.
"Yes, IT will be part of the management team, and should be. But IT, like every other department of your bank, [must be] seen as a contributor in addition to a participant."
Steven Deare writes for ZDNet Australia
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
The silicon.com CIO Jury provides one of the most influential voices in the IT industry, consisting of a fast-growing pool of senior business decision makers from some of the largest, most innovative companies in the UK. Increasingly recognised as both a barometer and catalyst for change within the IT industry the CIO Jury is the place to be if you are a leader rather than a follower.
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Bob Tarzey Why you must rein in your power users When they do damage, it can be catastrophic to your business
Jon Collins Is losing a mobile device really such a big deal? How to minimise the damage to your business