Growth vs. risk: How CIOs can determine their firm’s comfort zone


Read Part 1: How CIOs can strike the balance

Read Part 2: Maintaining the core in your organization

Risk is the elephant in the room in many IT discussions. CIOs managing a complex portfolio of core and growth projects need to factor risk into their decisions as well. A key input to your risk evaluation is your organization’s risk appetite. Your understanding of risk will help you provide thoughtful guidance to your organization and project managers.

Cloud services (e.g. Software as a Service), as an example, present new risks. “In some cases, organizations cannot customize Cloud solutions to mirror their current processes as they might have with their legacy on-premise solutions,” commented Michael Klubal, partner at KPMG Canada, in an interview. Lack of customization poses risks of disrupting key business services and staff frustration with IT.

Use these three questions to determine the risk appetite of your organization’s senior leadership.

  1. Observe Risk Discussions

When risk comes up in discussions, do you notice an immediate increase in tension and stress? Or do you see a disciplined approach to thinking through risk and implementing strategies to address it?

If risk discussions tend to cause panic and uncertainty, your organization probably has a low appetite for risk.

  1. Risk Management Function/Department

Does your organization have a formal risk management department or professional on staff? The lack of a dedicated risk function may indicate your organization has limited risk concerns.

  1. Industry Leader or Industry Follower

Finally, does your organization see itself as an industry leader seeking to push the envelope or does it follow the lead of other organizations? Industry leaders are typically the first to launch new product categories, enter new markets and implement other ideas. Embarking on new ideas means accepting a higher probability of failure.

If you consider your organization to be an industry follower, you will be constrained in your ability to push for high risk projects.

Taken together, these three points provide a reasonable proxy for an organization’s risk appetite. For additional context, you can ask similar questions about your IT organization. Once you gather all the risk information, the CIO has to make a leadership decision on whether to go with the flow of the organization or lead in a new direction.

Deciding and managing the blend of growth and core IT projects is a core responsibility for CIOs. By adopting an “asset mix” philosophy to your projects, you can sustain your organization’s commitment to R&D in lean times. The asset mix will also ensure you give resources to the core, even when it appears to functioning smoothly.

Learn more from Bruce Hapham by visiting

photo credit: via photopin cc


Please enter your comment!
Please enter your name here