PFPC: Building an IT Risk Management Competency

Title: PFPC: Building an IT Risk Management Competency
Author(s): Westerman, George; Walpole, Robert
Type: Working Paper
Topic(s): IT-related Business Risk
Comments: 1
Date: 2005-04-01
Abstract: IT risk management is becoming increasingly important for CIOs and their executive counterparts. Educators and managers have materials they can use to discuss specific IT risks in project management, security and other risk-related topics, but they have few resources they can use to have a holistic discussion of enterprise-level IT risk management. This case is intended to address the gap. It describes the IT risks facing a large financial services firm, PFPC, as a result of rapid growth, a large merger and distributed management of the IT function. The firm's first enterprise-wide CIO, Martin Deere, used risk management as a key pillar in a major revamp of the firm's applications and IT capabilities. The case is rich in detail on the firm's IT risks and the new risk management process, including examples of the firm's risk management tools. It also describes early lessons and outcomes in the implementation of risk management capabilities. The case has enough richness and potential controversy to engage students from the undergraduate through executive levels in an informative and interesting discussion of IT risk management.

Discussion

pwilly
March 16, 2016

Applying agile methodologies to security process would break the process down into testable stories. Each story could then be analyzed for its contribution to risk. Once a story is analyzed it can then be classified. The end result is organizational knowledge and continuous improvement.
Security management requires consistent reporting and assessment of risk. Breaking process down to stories makes it more likely to expose risks. Those risks can then be added to the Technology Risk Management system. Because Agile process increases the frequency of analysis, risk is more likely to be assessed and the consistency of the analysis improves.