Who owns the risk of an IT change?

Stuart Rance posted an interesting blog about What Is Change Management For?. Then we had an excellent discussion about it on Google+, where some great stuff came up that I want to capture here in my IP repository (or "blog" for short). Tell me what you think:

Risk taking

In the last few decades it has become fashionable to adopt a higher risk profile in pursuit of flexibility, agility, competitiveness and ultimately higher profits. We are told by the experts that risk can be managed, mitigated, hedged. We all know how well that turned out for the financial industry in the 1980s, again in the 1990s, and again in the 2000s. Are we learning yet?

The hard fact about a higher risk profile is that sooner or later you will crash. Just because you got away with it last time doesn't mean you will next time.

We all tut tut about those evil bankers, and then we go and do it in IT.

Note to devops; smaller changes do not equate to less risk

To say smaller frequent changes are less risky is a dangerous fallacy. Tweet this

Knight Capital makes the point about the risks of automation

Knight Capital's disaster is a warning to us all in IT

ITIL Problem versus Risk

It was one of the great ITSM philosophers, Jan van Bon who first explained to me that Problem Management is but a special case of Risk Management.

In a purist theoretical sense he is right, but on a practical level I think the distinction is useful. It is certainly entrenched.

Contingency planning

As the recession deepens, perhaps we need to lighten up some and make sure we don't over-spend on risk mitigation.

Risk Management - the lost process of ITIL V3

Is Risk Management the "lost process" of ITIL V3?

Syndicate content