Storage & Clustering Community Blog
Showing posts tagged with #risk
dennis_wenk | 17 Jan 2013 | 0 comments

A principal challenge many enterprises face is identifying exposures to their complex IT infrastructures. There are considerable business dependencies on this strategic resource, and weaknesses within the IT infrastructure may lead to serious business interruptions. It is not enough, however, to merely identify weaknesses; the impact of those weaknesses must also be clearly understood and quantified. This is an important point because it is difficult to know how much to invest to strengthen the infrastructure unless there is a sense of the size of the risk to the organization.

IT infrastructures can fail due to a wide range of events.  These events can be as simple as a process failure or as catastrophic as a full system crash.  It is unrealistic and costly to eliminate each and every harmful event; therefore, a priority ranking based on the consequence of the event is very useful.  Ranking the potentially damaging events based on...

dennis_wenk | 17 Jan 2013 | 0 comments

Oh yes, you DO need to know probability! Many professionals and thought leaders have said that ‘there is no reason to know probabilities to know that a big risk exists’ and that it should be intuitively obvious that losing a datacenter would be very bad. So then, if the IT-infrastructure risk is so self-intuitive, the value does not lie in identifying the most serious risks; these risks are self-evident. The value lies in determining the optimal ‘investment’ to mitigate the most serious risks. In this context, optimal means to allocate the organization’s resources to those actions that will yield the best overall performance.

So even if these self-intuitive gut feelings about the risks are right, they are not the most effective way to justify the appropriate level of investment. In fact, this is the reason that many in IT find it difficult to provide a valid ROI for HA/DR solutions; because they fail to understand the value that...

dennis_wenk | 09 Jan 2013 | 0 comments

A real crisis is happening now and if we really want to reduce losses for our organization then we will need to adjust our focus.  We don’t have to wait for any pandemic or catastrophe to strike; organizations are experiencing losses that range between $35 billion and $500 billion per month.  If these losses are the result of best practices that are intended to protect our organizations from crisis, then some might even consider these regulations and best practices to be gravely dysfunctional.   

Compliance with federal, state, and international privacy and security laws and regulations often is more an interpretive art than an empirical science—and it is frequently a matter for negotiation.  When business metrics are applied to compliance, many companies decide to deploy as little technology or process as possible—or to ignore the governing laws and regulations completely. Every company weighs the cost of...

dennis_wenk | 08 Jan 2013 | 0 comments

Stakeholders are becoming increasingly concerned about accountability and management of operational risks.  Regulations like HIPAA, Sarbanes-Oxley, and Basel II are placing requirements that are more stringent on corporate governance.  More and more high technology is embedded in the operating fabric of the organization and, in many respects, technology is the organization.  Amazon and eBay are outstanding examples of businesses created by and totally dependent on technology.  It is this reliance on technology and escalating dependency on interconnected infrastructures that has elevated the exposure to business interruptions.  These interdependencies ripple through an organization, as well as outside to major stakeholders:  customers, suppliers, lenders, and partners.

Simultaneously, non-conventional threats such as denial of service, hacking, and September 11th 2001 changed the very nature of operational risk instantaneously and on a...

dennis_wenk | 18 Dec 2012 | 0 comments

Operational risk is everywhere in the business environment; every decision has its share of uncertainty. Nothing is a sure thing, yet when we make important decisions we certainly want to “keep the odds in our favor”. I have often heard terms like ‘risk appetite’, ‘risk tolerance’, or ‘risk aversion’ used in reference to making forward-looking choices about operational risk, as if we can rationally and effectively manage risk based on our subjective feelings. These terms, however, provide little guidance and position risk management in the domain of oracles and soothsayers. Business is not a game of chance based on our subjective ‘feelings’ regarding operational risk.

The stakes are too high relative to operational risk to leave it to subjective guesses or ‘gut’...

dennis_wenk | 05 Oct 2012 | 0 comments

The effectiveness of internal control systems is now an issue for public policy and formal law. Section 404 of the Sarbanes-Oxley law is aimed at helping companies prevent financial reporting mistakes and fraud. The rule requires companies to include in their annual reports:

  • A statement of management's responsibility for establishing and maintaining "adequate" controls over financial reporting
  • Management's assessment of the effectiveness of the company's internal controls
  • A statement identifying the framework used by management to evaluate the effectiveness
  • An auditor's report on management's evaluation of internal controls
  • Any material weaknesses identified in the internal controls review

While the rule only requires companies to disclose material weaknesses in their annual reports, many companies have begun alerting investors about deficiencies and potential problems. The rule is intended...