Case Study: Technical Risk Management in the Airline Industry
Complex IT environments can pose significant technical risk that, if not managed adequately, have the potential of major disruption to customers and critical business functions.
The overall reliance on Technology today makes technical risk management a number one priority in any organisation, but what is technical risk and how can it be mitigated. A very simple definition of risk is “The exposure to danger”. In other words, it is the likelihood of IT systems failing, putting the business into the position where it cannot provide services to customers for prolonged periods of time.
Risk is measured by the likelihood of occurring and the consequences that follow the risk event. This measurement allows technical specialists to rank and prioritise risk across the organisation to direct mitigation efforts and funds to applications or infrastructure with the highest exposure.
Types of Technical Risk
The risks with the highest visibility are Security and failing systems due to Technical Obsolescence. Security risk measures; the likelihood of data being exposed or functions being denied that are critical to the running of the business. Besides to the obvious denial of service, the risk of data being lost can have legal ramifications as well as can create major trust issues for the brand.
The most obvious risk of technical obsolescence is hardware or software that fails because systems are out of support and/or cannot be easily replaced. Often organisations “sweat the hardware” beyond reasonable measures. This is due to budget decisions over the years that result in postponing initiatives to replace aging IT components. Far too often organisations underestimate the effect system failure has on the continuation of business functions until it’s too late.
There are many other technical risks in the organisation that need addressing. In order to manage the risks, a well-defined risk management framework is required that allows identification, measurement and mitigation of all risks across the technical landscape.
Two approaches of managing technical risk are possible. In a more decentralised IT organisation, risk should be addressed by the BAU teams that support individual business domains. Here, risk mitigation is built into the KPIs of domain owner. This works well for all decentralised functions and specific applications within a business domain. The drawback of this approach is that centralised functions and strategic technology initiatives often are underfunded causing the organisation to fall behind the state of the art technology choices.
The second approach to deal with risk is to establish a centralised risk function and/or risk management programme. This programme can address all technical risks based on priority. Depending on the size of the organisation and the exposure to security risks it might be advisable to separate cyber security from the overall risk management programme. The reason for this is that, the prioritisation of security risks always takes higher priority with the consequence of other risks not being adequately addressed.
The programme in the airline industry used the second risk mitigation approach with a central risk mitigation process. For all risks other than Cyber Security where a Group wide risk programme was established. This programme was running on an annual budget that was estimated based on expected effort for technical components in the priority list.
Fusion Professionals provided architectural guidance and governance in the process. The Primary outcome was a risk prioritisation framework that was modelled around the Cobit 5 (https://cobitonline.isaca.org/) Risk Management framework. This process assembled all available risk measures into a single review and weighting process.
The outcome was a process that allowed objective vetting and prioritising of applications and infrastructure components across multiple business domains.
The main challenge in developing this framework was to get the correct input data from the various stakeholders and systems. The next significant challenge was to develop correct weightings across the different technology components.
A second major deliverable was the oversight in the delivery of the mitigation initiatives. Fusion Professionals provided Leadership in the architecture space to guide the different delivery teams and vendors to a coordinated delivery of the different technologies.
The challenge in this space lays in the vast variety of different technologies and the understanding disconnect between the business stakeholders and the technology specialists. The team had to work very closely and utilise a number of different skills in order to develop the best technical solutions and risk visualisation models to rally the support of a diverse range stakeholders.
Risk management is essential for long term successful delivery of IT services to enterprise business’ and the Airline industry particularly. As a rule the KPI of having functioning IT should be part of any business domain leadership role. This way the business is directly responsible for all functions including IT within the business which fosters a greater sense of ownership.
Strategic Initiatives must be part of a centralised function that delivers the future framework and addresses the risk of using obsolete technical solutions. The aim is to improve and keep the overall IT processes and frameworks current. This optimises the IT delivery within the domains and ensures the technology stack is state of the art.
Moving out from proprietary software seems like a daredevil act, considering the possible data security issues some open source databases…MORE INFORMATION
The Challenge Complex IT environments can pose significant technical risk that, if not managed adequately, have the potential of major…MORE INFORMATION
Fusion Professionals has signed a partnership agreement with Waterline Data ( https://www.waterlinedata.com/ ) the leading provider of Information Catalogs and…MORE INFORMATION
Most people do not like change. As much as possible, they want things to stay the same that is why,…MORE INFORMATION
Regardless of your infrastructure whether you are running in the cloud or on-premise, there will always be a need to…MORE INFORMATION
Data Analytics tools provide Data Scientists and Data Engineers with the instruments to find patterns in data and provide business…MORE INFORMATION
Fusion Professionals held its Fusion Meld 2018 event last Thursday, the 17th of May at the Terrace Hotel in North…MORE INFORMATION
Over the past 10 years, data has grown into a behemoth that dominates business intelligence. A huge percentage of the…MORE INFORMATION
A data lab is a well-equipped environment that allows organisations to explore and examine new ideas by combining new data…MORE INFORMATION
Technology is changing our world at a rapid rate. For companies to stay competitive they must adapt to the changing…MORE INFORMATION
Another 12 months passes and the AWS Summit rolls into town, now hosted at the new impressive Sydney ICC! So what…MORE INFORMATION
DevOps has well and truly arrived. Having a team combining development and operations is superseding the traditional model where these…MORE INFORMATION
We may not know it, but we’re consuming huge amounts of data every day. Whether it’s through Siri, Google, Microsoft,…MORE INFORMATION
Fusion Professionals, a Sydney-based IT consulting firm and a Gold level member of the Oracle Partner Network (OPN) today announced…MORE INFORMATION
This week Fusion Professionals held their annual summit at the Rag & Famish hotel in North Sydney. The summit is…MORE INFORMATION
Working with a large, well-resourced enterprise has many benefits – including having the scope to look at new ways of…MORE INFORMATION
Who doesn’t like some certainty in their lives?! It’s human nature to crave it. So, when we are lining up…MORE INFORMATION
Building a business case is a familiar and routine process for any IT investment project. But is there a possibility…MORE INFORMATION
Fusion Professionals and Australian research and advisory firm BigInsights, recently hosted an industry breakfast to discuss how organisations can capitalise…MORE INFORMATION
Are you considering taking advantage of the Amazon Web Services (AWS) platform but are concerned about the risks involved in…MORE INFORMATION