Risk Management terminology when working with IT Professionals

WithYouWithMe - October 27, 2021

IT Problem Management, IT Incident Management and IT Risk Management... 

A common misconception when discussing Risk Management with IT professionals (including IT Project Managers) is that the IT staff manage risks every day through Problem Management and Incident Management.   

Note the following discussion is as equally appropriate when dealing with IT Project Management. 

IT Problem Management and IT Incident Management 

An objective of many IT functions is to improve the quality of IT services to the entity (company or government department) through a general reduction in incident volume and better first-time fix rates.  This is generally achieved through IT Problem Management and IT Incident Management.  While these two areas of IT Management are well understood and imbedded into the culture of many IT functions, they are often misunderstood as IT Risk Management. 

IT Problem Management is a sub-function within the overarching IT function that serves to: 

  • Reduce the adverse impacts of IT incidents and problems  caused by IT infrastructure errors and failures, and 
  • Prevent the recurrence of IT incidents related to these errors and failures. This function is often facilitated by an IT service support information system (e.g. BMC REMEDY). 

IT Problem Management has the following aspects: 

  • Reactive aspect: Problem solving when one or more incidents occur (Incident Management); and 
  • Proactive aspect: Identifying and solving problems and known errors before incidents occur in the first place (Problem Management). 

IT Problem Management is distinct from IT Incident Management, which instead aims to restore the service to the end-user as quickly as possible. This is often done through workarounds rather than through trying to find permanent solutions (as in the case of IT Problem Management). 

IT Risk Management 

At a high-level, IT Risk Management is the application of established risk management methods for the purposes of managing the business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within the entity.  

Risk Management encompasses: 
  • Governance and framework 
  • Event identification management (an event is not an IT incident as discussed below) 
  • Risk assessment management 
  • Risk response management 
  • Risk action plan management 
  • Risk mitigation management. 

It should be noted that the management of risk is an iterative process, rather than an event. 

Event identification management vs IT incident Management 

Event identification management involves using appropriate techniques to identify potential risks to achieving strategic and operational objectives.  

An event could be one occurrence, several occurrences, or even a non-occurrence (when something doesn’t actually happen that should have happened). It can also be a change in circumstances.  

Events always have causes and usually have consequences. Events without consequences are referred to as near-misses, near-hits, close-calls, or incidents (note this does not necessarily mean an IT incident and vice versa, which adds to the confusion). 

The Risk identification process sets out to identify an organisation’s exposure to uncertainty. This can be undertaken using various techniques such as questionnaires, checklists, workshops, brainstorming etc., as opposed to being an anomaly/incident from the day-to-day operations of an IT function. 

The organisation should select the methods most suited to its culture and current priorities. Often, workshops and brainstorming can be very effective ways of identifying risks, but are dependent on having the right people in the room to make the process effective. In addition, when dealing with IT professionals, initial discussion should be centred around the distinction between a risk event and an IT incident.  

If you want to break into the tech industry then sign up to our platform and begin your training today.

Leave a Reply

Your email address will not be published. Required fields are marked *

Join our community

We have a Discord server where you’ll be able to chat with your instructors and cohort. Stay active in your learning!
Join discord