What is an acceptable IT risk?

What is an acceptable IT risk? To my way of thinking, there are no acceptable IT risks.

To me, IT exists to reduce or eliminate risk as much as possible. If a company doesn’t want to invest in reducing risk, they put their business at risk. I have seen this firsthand, along with the negative consequences that follow.

For example, I once worked for a company that needed a new AD computer. AD is crucial for many companies. My boss disagreed with me, but I knew I was right. He went on vacation, and I approached his boss and told her that this needed to be done. She was skeptical, of course, because she didn’t understand it and felt that if it were important, my boss would have approved it. I told her that if we didn’t need it in the next few weeks, I would quit/give my salary for the month, which would pay for the cost of the server.

We got the server and I configured it, and of course the main AD computer broke. However, no one noticed, and when my boss came back from vacation everything was working correctly. He got mad at me because I spoke to his boss, and he never thanked me for what I did. If it had broken, no employee would have been able to work in that company.

When you work in IT you are seen as an expense. No matter how much money you save a company, they have a hard time acknowledging it. So you try to motivate the decision maker to reduce the risks as much as possible.

That means always having a backup so that if the primary system fails you have a working backup. It means being open to thinking about the process of how technology works and sometimes adjusting your workflow. It means that your IT person can be a resource and help you gain a strategic advantage, and that the best IT find an ROI for all investments.

Unfortunately, not every company I have worked with cares about reducing the risk to the environment. It is their choice, but I will have done everything I can do to help them be successful.
