Technology risk

Published March 4, 2020, 12:00 AM

by manilabulletin_admin

Reynaldo C. Lugtu, Jr.
Reynaldo C. Lugtu, Jr.

The prototype of the SpaceX’s passenger spacecraft, SN1, was undergoing a test when it buckled upon take off and exploded. This prototype was part of Elon Musk’s SpaceXStarship, a ship that it is hoped can one day carry humans to Mars. The explosion happened after one of the tanks on the unmanned vessel filled with liquid nitrogen during a cryogenic pressure test. The fuel tank was a single-point-of-failure risk – a component of a large system that brought the entire system down when it failed.

This is the nature of technology, where risks abound in its development, use, manipulation, integration, and even disposal. Technology risk is any potential for technology failures to disrupt your business. Business disruption happens when the technology failure impacts your customers, employees, processes, and the larger society.

An example is when a self-driving Uber car accidentally hit and killed a woman crossing the street in Arizona in 2019. This is a special type of technology risk called artificial intelligence risk.

Another example of technology risk was the mishap that happened to Jollibee in 2014. Rappler reported that “Jollibee Foods Corporation announced that a major IT system change it undertook was to blame for the lack of the popular “Chickenjoy” in some of its stores.The change affected the fastfood giant’s inventory and delivery system, forcing 72 of its stores to close.”

There are several types of technology risks, as outlined by technologist John Spacey published in, that can result in business losses. This includes the potential forproject failures, operational problems and information security incidents. The following are common types of technology risk.

Architecture Risk – information technology (IT) structures that fail to support operations or projects.

Artificial Intelligence Risks – a special category of risk associated with technologies that learn and self-improve.

Asset Management Risk – failure to control IT assets such as loss of mobile devices.

Audit Risk – the chance that an IT audit will miss things such as security vulnerabilities or legacy risks.

Availability – downtime of IT services.

Benefit Shortfall – investments in IT that fail to achieve projected return on investment.

Budget Risk – IT programs, projects or operations teams that go over budget. In many cases, going under budget is considereda positive risk.

Capacity – capacity management failures such as an overloaded network connection that causes inefficiencies such as processfailures.

Change Control – a failure to control change to complex systems including practices such as change management and configurationmanagement.

Compliance Violations – the potential that you will violate laws or regulations.

Contract Risk – a counterparty that fails to meet its contractual obligations to you such as violations of a service level agreement.

Data Loss – loss of data that cannot be restored.

Data Quality – poor quality data that causes losses due to factors such as process failures, compliance issues or declining customer satisfaction.
Decision Quality – sub-optimal decision automation or inaccurate decision support information such as analytics.

Design Debt – a low-quality design that results in future costs.

Facility Risk – risks related to facilities such as data centers.

Infrastructure Risk – failures of basic services such as networks, power and computing resources.

Innovation Risk – a special category of risk associated with experimentation and aggressive rates of change. Typically requires novel approaches to risk management such as designing activities to fail well.

Integration Risk – the potential for integration of organizations, departments, processes, technology or data to fail.

Legacy Technology – technology that is out of the date to the extent that it is difficult to maintain and at risk of failures.

Operational Risk – the potential for technology failures to disrupt core business processes.

Partner Risk – risks associated with technology partners such as service providers.

Physical Security – physical security related to IT such as security at data centers.

Process Risk – the potential for processes to be disrupted by IT failures.

Procurement Risk – procurement is the purchasing of services, products and resources. It is prone to a number of risks including the chanceof fraud, cost and quality issues.

Project Risk – in many cases, IT projects have a high rate of failure due to a number of risk factors such as scope creep, estimationerrors and resistance to change.

Quality Risk – failures of quality assurance and other quality related practices such as service management.

Regulatory Risk – the potential for new information technology-related regulations.

Resource Risk – an inability to secure resources such as skilled employees.
Security Threats – security threats such as malware and hackers.

Security Vulnerabilities – security vulnerabilities such as weak passwords and poorly designed software.

Single Point Of Failure – a small component of a large system that brings the entire system down when it fails.

Strategy Risk – the risks associated with a particular IT strategy.
Technical Debt – weak technology implementations that are likely to result in future costs such as a big ball of mud.

Transaction Processing Risk – failures of transaction processing such as ecommerce purchases.

Vendor Risk – the potential for an IT vendor to fail to meet their obligations to you.

It’s important that executives and risk managers evaluate the risks of investing in new technology or technology upgrades, in this era of digital transformation. A holistic risk management framework should be adopted by organizations that includes building a culture of risk awareness, using monitoring tools and processes, assessing policies and procedures, and implementing resolution and risk management training programs.

The author is CEO of Hungry Workhorse Consulting, a digital and culture transformation consulting firm. He is the Country Representative of the Institute of Change and Transformation Professionals Asia (ICTPA) and Fellow at the US-based Institute for Digital Transformation.He is the Chairman of the Information and Communications Technology Committee of the Financial Executives Institute of the Philippines. He teaches strategic management in the MBA Program of De La Salle University. The author may be emailed at [email protected]