Title: Beating IT Risks
Authors: Ernie Jordan and Luke Silcock
Publisher: John Wiley
ISBN: 0 470 02190 X
Pages: 278
Reviewer: David Evans
Price: £39.95
Books on risk and risk management are not exactly thin on the ground – Amazon UK lists well over a thousand. However, IT risks are far less well understood – the number of books in this area can be counted on the fingers of one hand. This is surprising given the importance of IT in almost all areas where risks are taken and money can be made or lost. However, many spectacular failures over the last few years in both the public and private sectors bear witness to the fact that managing IT is not easy.
Jordan and Silcock have produced an attractive and readable book on a complicated subject. Their backgrounds are both practical (real world management and consultancy) and academic, and being Australian, they bring a refreshingly different perspective to a subject that always seems to be dominated by Americans. They use an international mixture of examples, from Asia, Australia, Europe and North America, to illustrate both the good and the bad in the management of complicated IT projects. A couple of pages highlight a quietly successful UK project of enormous dimensions (the redevelopment of GCHQ a few years ago – Europe’s largest ever IT relocation), alongside an embarrassing farrago (the collapse of the e-University last year).
Some of the key messages of the book are, as so often in management, really quite simple. The first is that IT risk should be managed like any other business risk. Many of the failures of recent years tend to stem from the assumption that IT can reduce costs and solve problems while being somehow immune from the kind of boring issues that plague other areas. A second is that technologists, business managers and directors need urgently to develop a shared language for dealing with IT risk – all too often they are talking at cross purposes. A third is that sometimes the most obvious risks are overlooked – all studies of IT security suggest that the human interface is usually the weakest and the easiest to get round. People will freely give their passwords to anyone who sounds plausible and asks for them – crooks in white coats can wheel away million-pound servers from the Australian customs department without anyone questioning them. And finally, many organisations have woefully inadequate backup and disaster recovery strategies – “you don’t know what you’ve got ‘til it’s gone”, nicely credited to Joni Mitchell.
The book is well organised and easy to navigate. There are, as in all good business books, plenty of checklists, tables and emboldened key points – but unlike some authors, Jordan and Silcock can write in sentences as well, and there are many pages of clear and coherent prose in between. Each chapter ends with a health check followed by one or two short case studies.
Overall, this book is very highly recommended. IT specialists will do well to reflect upon the limitations of what they can actually deliver – other managers who make the effort to understand what IT can and can’t do will be in a better position to avoid the worst pitfalls and reap the benefits.