Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »
Webcast: In the Google Apps Cloud: How to Achieve Your Business Objectives
Dec 3rd, '09, 1 - 2 pm US/Eastern (GMT-5)
Join Council member Brent Hoag, Director, Global IT, at JohnsonDiversey, as he discusses the adoption of Google Apps which has helped meet four corporate goals; sustainability, simplification, increased employee productivity and global collaboration.
Webcast: Collaboration Initiatives: Benchmarks & Best Practices
Dec 15th, '09, 4 - 5 pm US/Eastern (GMT-5)
Join Council members Ruth Thorpe, VP & CIO at the U.S. Pharmaceutical Operations of Sanofi-Aventis, and Gary Kuyper, CIO at Bethany Christian Services, as they speak about their collaboration initiatives and experiences in how and why they chose the social networking and collaboration tools they are using and their business goals for collaboration, and facing culture change challenges.
Data Overview: Collaboration Initiatives Field Guide: Benchmarks & Best Practices
This appendix to the Council Field Guide provides an analysis which discusses benchmarks for collaboration IT implementation costs, adoption rates and payoffs. The overview identifies top IT and business goals and satisfaction rates for collaboration initiatives as well as best practices and lessons learned for implementing collaboration IT.
Learn more about the CIO Executive Council »February 26, 2008 — CIO —
This story was updated in the May 1, 2008 issue of CIO magazine to include new reporting. Read the latest version of this story here.
It's a lethal combination of process oversights and system failures that is the stuff of CIO nightmares: An investigation into rogue trader Jerome Kerviel's fraudulent actions at Societe Generale bank uncovered an apparent break down in financial and internal IT controls subverted by an employee with IT know-how and authorized systems access.
The well-known tale of Kerviel's exploits, which led to more than $7 billion in losses for the bank, is serving as a wake-up call to businesses everywhere. "It's started the conversation around these issues," says Scott Crawford, a security expert and research director at Enterprise Management Associates. (EMA) And executives, he says, are now asking themselves, What can we do to ensure that the risk exposure of the business itself is managed effectively, in addition to what role IT should play?
Answering that question, however, isn't so easy. First, many executives don't have a good enough understanding of where their risks actually are, Crawford says, and therefore don't know where they need more robust controls.
This is compounded by that fact that some executives might not want to be made aware of their company's risks. "Once you know what your exposure is, you are no longer ignorant," Crawford says. "And if you choose not to mitigate a known risk or at least not address it, then the issue potentially becomes one of negligence." (Which is precisely why regulations like Sarbanes-Oxley require top execs to put their names on their company's financial documents.)
As a previous CIO article on the Societe Generale scandal notes, several former risk-control executives quoted in a Wall Street Journal article said that financial institutions of all types are notorious for weakening risk-management procedures when times are good and profits are flowing fast. The Journal article cites the "months of misery" endured at top U.S. banks and securities firms, which are being clobbered by the mortgage crisis, as evidence of such lax risk controls come to fruition.
In addition, even if executives are made aware of the risks, they have a tough time balancing the potential gains from a risky endeavor versus the potential losses, Crawford says. "There's always this delicate balancing act between taking advantage of opportunities and doing an effective job of IT risk management," he notes. "This notion of business risk exposure in IT still is a challenge particularly for the CIO but for the business as a whole."