Case Study: Technical Risk Management in the Airline Industry
Complex IT environments can pose significant technical risk that, if not managed adequately, have the potential of major disruption to customers and critical business functions.
The overall reliance on Technology today makes technical risk management a number one priority in any organisation, but what is technical risk and how can it be mitigated. A very simple definition of risk is “The exposure to danger”. In other words, it is the likelihood of IT systems failing, putting the business into the position where it cannot provide services to customers for prolonged periods of time.
Risk is measured by the likelihood of occurring and the consequences that follow the risk event. This measurement allows technical specialists to rank and prioritise risk across the organisation to direct mitigation efforts and funds to applications or infrastructure with the highest exposure.
Types of Technical Risk
The risks with the highest visibility are Security and failing systems due to Technical Obsolescence. Security risk measures; the likelihood of data being exposed or functions being denied that are critical to the running of the business. Besides to the obvious denial of service, the risk of data being lost can have legal ramifications as well as can create major trust issues for the brand.
The most obvious risk of technical obsolescence is hardware or software that fails because systems are out of support and/or cannot be easily replaced. Often organisations “sweat the hardware” beyond reasonable measures. This is due to budget decisions over the years that result in postponing initiatives to replace aging IT components. Far too often organisations underestimate the effect system failure has on the continuation of business functions until it’s too late.
There are many other technical risks in the organisation that need addressing. In order to manage the risks, a well-defined risk management framework is required that allows identification, measurement and mitigation of all risks across the technical landscape.
Two approaches of managing technical risk are possible. In a more decentralised IT organisation, risk should be addressed by the BAU teams that support individual business domains. Here, risk mitigation is built into the KPIs of domain owner. This works well for all decentralised functions and specific applications within a business domain. The drawback of this approach is that centralised functions and strategic technology initiatives often are underfunded causing the organisation to fall behind the state of the art technology choices.
The second approach to deal with risk is to establish a centralised risk function and/or risk management programme. This programme can address all technical risks based on priority. Depending on the size of the organisation and the exposure to security risks it might be advisable to separate cyber security from the overall risk management programme. The reason for this is that, the prioritisation of security risks always takes higher priority with the consequence of other risks not being adequately addressed.
The programme in the airline industry used the second risk mitigation approach with a central risk mitigation process. For all risks other than Cyber Security where a Group wide risk programme was established. This programme was running on an annual budget that was estimated based on expected effort for technical components in the priority list.
Fusion Professionals provided architectural guidance and governance in the process. The Primary outcome was a risk prioritisation framework that was modelled around the Cobit 5 (https://cobitonline.isaca.org/) Risk Management framework. This process assembled all available risk measures into a single review and weighting process.
The outcome was a process that allowed objective vetting and prioritising of applications and infrastructure components across multiple business domains.
The main challenge in developing this framework was to get the correct input data from the various stakeholders and systems. The next significant challenge was to develop correct weightings across the different technology components.
A second major deliverable was the oversight in the delivery of the mitigation initiatives. Fusion Professionals provided Leadership in the architecture space to guide the different delivery teams and vendors to a coordinated delivery of the different technologies.
The challenge in this space lays in the vast variety of different technologies and the understanding disconnect between the business stakeholders and the technology specialists. The team had to work very closely and utilise a number of different skills in order to develop the best technical solutions and risk visualisation models to rally the support of a diverse range stakeholders.
Risk management is essential for long term successful delivery of IT services to enterprise business’ and the Airline industry particularly. As a rule the KPI of having functioning IT should be part of any business domain leadership role. This way the business is directly responsible for all functions including IT within the business which fosters a greater sense of ownership.
Strategic Initiatives must be part of a centralised function that delivers the future framework and addresses the risk of using obsolete technical solutions. The aim is to improve and keep the overall IT processes and frameworks current. This optimises the IT delivery within the domains and ensures the technology stack is state of the art.
Challenges The Company, one of Australia’s largest and fastest growing Telco companies had 2 primary SharePoint environments that had different…MORE INFORMATION
Containerization allows applications to run on any machine- anytime, anywhere so long as they are compatible. By virtualizing your OS,…MORE INFORMATION
So you’ve finally decided that the cloud is safer than corporate data centers and digital assets and you’ve chosen to…MORE INFORMATION
Building a system that houses your organisation’s data can be daunting, especially now that data acquisition is growing rapidly. The…MORE INFORMATION
Human-to-machine communication has not yet been perfected, but enterprises are already beginning to integrate this groundbreaking technology into their operations,…MORE INFORMATION
Fusion Professionals has signed a partnership agreement with MapR Technologies, provider of the industry’s leading data platform for AI and…MORE INFORMATION
“Big data is at the foundation of all of the megatrends that are happening today, from social to mobile to…MORE INFORMATION
In recent years data volumes have been increasing dramatically. This has created major challenges for traditional analytics platforms in terms…MORE INFORMATION
With the increasing volumes of data that can be cost effectively stored in the cloud, comes increasing responsibility. The current…MORE INFORMATION
With the advancement of technology and abundance of data your business receives on a daily basis, companies are now in…MORE INFORMATION
Fusion Professionals held its annual Fusion Summit last Thursday the 18th of October at the Rag and Famish Hotel in…MORE INFORMATION
The Client is one of major NSW government departments providing services to public. The Department had been experiencing performance issues…MORE INFORMATION
Though its conception dates back to 1979, containers made their mark as much needed, major technology assets in 2000. Digital…MORE INFORMATION
Objective The intelligent mobile app-based lending system is a new field, blending recent technical developments in mobile phones and Artificial…MORE INFORMATION
Our Client is a well-known Australian freight logistics company, operating in railway freight and shipping. The company embarked on a…MORE INFORMATION
Data warehouse management and data analytics always had the challenge to decide what data to store and for how long…MORE INFORMATION
Cloud computing is becoming a preferred storage platform for IT managers and organisations in general. In Australia alone, 31 percent…MORE INFORMATION
Serving your customer in the best possible, most efficient way should always be the major goal of any organisation. The…MORE INFORMATION
Moving out from proprietary software seems like a daredevil act, considering the possible data security issues some open source databases…MORE INFORMATION
The Challenge Complex IT environments can pose significant technical risk that, if not managed adequately, have the potential of major…MORE INFORMATION