Regular marked price: $35.00Discount Price: $23.10
Cost Savings: $11.90 (34%)Price fluctuation possible.
How soon does it ship: Normal ship time within one day
Shipping? Absolutely FREE if you qualify for Super Saver Shipping.
Type of bind: Hardcover
Dewey Decimal Number: 658.4038
EAN num: 9781422106662
ISBN number: 1422106667
Label: Harvard Business School Press
Manufacturer: Harvard Business School Press
Quantity: 1
Page Count: 221
Printing Date: August 21, 2007
Publishing house: Harvard Business School Press
Sale Popularity Level: 101624
Studio: Harvard Business School Press
Other books you might be interested in perusing:
Editor's Notes and Comments:
Product Description:
Are you exposing your business to IT risk, and leaving profit opportunities on the table? You might be if you are managing your IT risk using more traditional approaches. IT Risk, a new book based on research conducted by MIT s Center for Information Systems Research and Gartner, Ltd., helps companies focus on the most pressing risks and leverage the upside that comes with vigilance.
Traditionally, managers have grouped technology risk and funding into silos. IT Risk outlines a new model for integrated risk management, which identifies three core areas you can develop to eliminate the problems that silo strategies create. The authors also offer specific ways to make the most of your new found advantage. And because IT risk is the responsibility of all senior executives not just CIOs this book describes the tools and practices in language that general managers can understand and use.
Named a top-ten managerial book of 2007 by CIO Insight magazine
User popularity level:
Rated by buyers 
-
When I was asked to design an IT Risk Management program beyond just data security for an IT department of a Fortune 100 company, I performed a significant amount of research of existing material. After engaging both internal and external research departments, then reading dozens of books and hundreds of articles and white papers, I decided to...on a Saturday after a surfeit of information overload and blurred vision...search in Amazon.com.
And I happened upon this book.
Since I was designing the framework and governance, I needed practical models. Westerman and Hunter provided many, of which I have applied several which work well in a large and complex company. As an example, applying the 4A's provided clear snapshot insight in one page for our executives.
My copy of this book is so dog-earred, tabbed and highlighted, but even as beat-up as it appears, it remains on top of my desk as a quick reference. I certainly hope Westerman and Hunter come out with a sequel.
Rated by buyers 
-
Hunter and Westerman have managed to write an entire book about the risk of IT without actually quantifying any particular IT risks. The empirical data they present has nothing to do with actual risks like project failures, unrealized benefits, or changing technology. They simply present the results of surveys of CIO's. Imagine if your insurance company computed risks by surveying the perceptions of risks of their customers. Instead, insurance companies use real historical data plugged into some real mathematics. Doug Hubbard's book How to Measure Anything: Finding the Value of "Intangibles" in Business actually says more about the real quantified risk of IT than Hunter and Westerman even though that's not the only focus of his book. I would highly recommend reading Hubbard before reading Hunter and Westerman only because it will radically alter your expectations for what should count as valid risk analysis.
Hunter and Westerman do, however, list some useful *types* of risk even though they don't offer a valid measurement. The risk management approaches are probably useful, although they are also limited by the lack of quantification. After all, how do we manage risk without measuring it? When the authors do get to proposing a method to assess risk, they describe what boils down to a simple weighted score. Not surprisingly, this is NOT how actuaries and statisticians quantify risks. The method the authors propose is no better than astrology.
Rated by buyers -
For my graduate degree, I've done a lot of research on goverance, risk and compliance and I found this book to be an awesome read for anyone looking to simplify their approach to enterprise risk management. The concept of the 4a's makes sense and the impact each has on the tiers above them is very powerful understanding. If you're looking for mathematical equations to prioritize risk, this book is not for you. However, if you're looking for places to start assessing risk within your company, buy the book.
I also liked the three disciplines of risk management and felt it to be very compatible for most small, medium, and large organizations. Like most of the other comments about this book, I believe this book to be at the perfect depth for any C-level executive.
Of all the books out there that I've read on enterprise risk management, this book is by far the most capable of applying conceptual ideas into real life implementable practices to fit any business scenario.
I definitely give it 5 stars!
Rated by buyers -
Have you ever had your business disrupted because some aspect of your IT systems stopped working? The reality is that many of the critical processes of your business and many key capacities are based on computers and software. Any IT risk you face is also a business risk and you have to manage them accordingly.
This book provides a framework for making your IT risks visible. They call them the 4A framework (availability, access, accuracy, agility). During your discussions, the tradeoffs involved will become clear and can be actively declared and chosen. The other alternative is to make choices based on politics and expediency until something blows up and the blame game begins.
The authors then discuss the three disciplines: building a solid and smaller foundation of systems, rationalizing your processes, and building a risk-aware culture. As you do that, some of your assumptions in the 4As will likely have to be revisited and the new understanding can be iteratively added in.
I enjoyed this book and think the discussions would be good for any company to have. The examples of how real life businesses handled (or suffered for not handling) these issues are well chosen. I also appreciated the real world advice the authors give. For example, they warn you that your real world track record in handling big initiatives will matter in pulling off a project such as this.
Also, if this project doesn't matter to your CEO and is not strongly led by senior management, getting this done will be very difficult. And the discusion of the trade-offs of doing this kind of transformation quickly (a few years) versus a deliberate and conservative pace (a decade) are enlightening. The point of handling vulnerabilities very first rather than fretting about threats of attack is spot on.
The book is quite helpful, easy to read (not full of jargon), and the topic is important to modern businesses.
Reviewed by Craig Matteson, Ann Arbor, MI
Rated by buyers 
-
Finally... a book on Information Technology risk that didn't put me to sleep or infuriate me to no end... IT Risk: Turning Business Threats into Competitive Advantage by George Westerman and Richard Hunter. This book and approach makes sense, and weighs options in conjunction with the business rather than in an ivory tower.
Contents:
IT Risk and Consequences; The 4A Risk Management Framework; The Three Core Disciplines of IT Risk Management; Fixing the Foundation - Strengthening the Base of the Pyramid; Fixing the Foundation - Simplifying the Installed Base; Developing the Risk Governance Process; Building a Risk-Aware Culture; Bringing the Three Disciplines Up to Speed; Looking Ahead; Ten Ways Executives Can Improve IT Risk Management; Notes; Index; About the Authors
I'm a software developer, and I'm paid to design and build solutions for our organization. I love what I do, and I *do* realize that there are risks inherent in the choices I make in terms of design. Where I get frustrated is when numerous people review code or designs, and come up with an endless list of "risks" that are posed by your particular design. But at some point, choices need to be made as to what's an acceptable risk and what isn't. And that's where the process often fails. It's safer to discuss and do nothing than to assess risk and choose a path. The 4A framework proposed by the authors help get to this point. The four A's are Availability, Access, Accuracy, and Agility. These areas make up the risk profile for an organization, and allow both the business and IT to talk about risk from the same angle... what benefits the business, what could harm the business, and what are the tradeoffs. These areas are framed against three core disciplines of risk management... the process, an awareness of risk, and the foundation of the IT base. Again, the explanations of these disciplines are clear and concise, and deal with practical reality rather than a theoretical elimination of any and all risk to an enterprise. Because as any IT person will tell you, there is no way to eliminate all risk.
I could see this book being useful for a company that hasn't really addressed a structured risk management process for their IT assets. Time spent here will save you plenty of time, money, and headaches down the road. And for those IT departments who seem to be paralyzed with fear, this could help you break the logjam and start dealing from an angle of practicality.
Find other books like this one:
