This summer’s train bombings in Mumbai hit close to home for American CIOs with offshore operations in India. This time, no U.S. companies reported major interruptions. But in an increasingly integrated world, CIOs can’t afford to be reactive in their management of global risk, says Paul Laudicina, recently appointed chairman of A.T. Kearney and author of World Out Of Balance: Navigating Global Risks To Seize Competitive Advantage.
CIO: You formed A.T. Kearney’s Global Business Policy Council (a cross-section of business and policy leaders) more than a decade ago to study geopolitical shifts that could shape–or shake–the business environment. What’s changed?
Paul Laudicina: During those halcyon days, we were just beginning to reap the benefits of global integration and people thought that globalization would continue on uninterrupted as an ever-more positive series of developments. It wasn’t until the bursting of the tech bubble, corporate scandals like Enron and WorldCom, 9/11 and the other shocks that occurred around the turn of the century that people became more aware of the negative side of global connectedness.
What’s the CIO’s role in managing geopolitical risk?
CIOs are on the front lines and they’re beginning to worry much more broadly about what their exposure is, particularly with offshore IT and business process outsourcing. The first wave of offshoring was focused on application development and maintenance, both of which have relatively contained levels of risks. But as higher-level processes like R&D and design work go offshore, the risks increase. Today, CIOs have to consider, “What do I do if my financial data is lost or pirated? Or if our operations are interrupted by a terrorist attack?”
Do traditional business continuity plans provide enough protection?
Companies need to have a comprehensive risk management plan. That’s a plan that looks at all the important earnings drivers for a company and all the important processes they have in place around the world that could affect those drivers. You catalog all the things that could happen and develop risk mitigation plans for them. You have to make some hardheaded cost-based analyses of what risks you can afford to manage, and create very clear accountability.
What’s the role of technology in comprehensive risk management?
The CIO’s role is not just to enable the company to operate more efficiently and keep global IT and operations running, but also help the company understand how to use technology to wire around some of problems that may otherwise bedevil a company that’s growing globally.
After 9/11, if you looked at economic indicators there was a slowdown but technological indicators increased. Companies were using technology to wire around other potential interruptions. At Sun, for example, they’ve developed a software application that tracks and earmarks events that could affect their supply chain, from geopolitical issues to regulatory change in China. We’re seeing the beginnings of innovation in this area.
Is there an upside to global uncertainty?
By identifying risks, you are often able to identify opportunities. While creating a risk management strategy for a consumer products company, we identified the risks associated with some of their existing suppliers. But in the process of doing that, we uncovered new, lower cost suppliers they would have never looked into had they not been concerned about their existing risk.