– Jeffrey Baldwin, VP of Alliances and Technology at Syntex Management Systems (www.syntexsolutions.com), says:
The key to the successful execution of an Enterprise Risk Management continuous improvement initiative lies in the organization’s ability to establish a common platform for mitigating risk exposures. These exposures, either connected with or related to a corporate datacenter, are discovered from both reactive (incident-based) and proactive (assessment-based) work processes. Integration of these typically disparate processes and systems provides leaders with information that raises the awareness of and improves responsiveness to resolving management system weaknesses. It is the information about these weaknesses which expose their company to operational risks, compliance issues, and other costly consequences. To effectively execute continuous process improvement, organizations need a single risk management backbone to integrate their various management systems and provide a framework for predictable, consistent execution.
The desired outcome of a fully integrated risk management process is to reduce the variability in process execution and system or personnel downtime, all of which ultimately produces more predictable financial and operational results for the entire organization. The good news for a datacenter operation is you can start this journey by leveraging your existing systems and processes. The first step is to aggregate a single repository of risk data by consolidating the risk process information from your existing financial, operational and risk data or systems. Within each risk process domain, you’ll be able to identify similar data that is captured when an event is reported (a loss or audit finding), when the potential risk is assessed, when root cause is analyzed, when a process correction is implemented, and when best practices are shared. This consolidated process data will be needed to assess a company’s actual risk profile. SAS 70 Level I and II audits may be a good potential source for this type of data.
An additional vital step in implementing a continuous risk management improvement approach is proactively evolving the company’s risk management culture. One common factor between companies with strong Enterprise Risk Management practices is that they have an enterprise IT management system that is embedded as part of their core processes and culture. In companies with strong risk management cultures enabled through a management system, they embed this process orientation in all operational aspects of the business, which is included from the very beginning of employment, starting with the way they train employees to do their jobs. This “Plan, Do, Check, Act” (PDCA) orientation reduces variation and creates more predictability in the operations of the company.