Pre-risk governance is an extension of the risk management paradigm that allows for risk analysis prior to making a decision on whether a business objective should move forward and what the possible risks may be. Instead of making business decisions that will affect or impact technology, and the associated people, processes, and policy and then including necessary staff in systems planning after the fact, pre-risk governance allows for the inclusion of pertinent staff in the decision-making process prior to moving toward a major change or enterprise transformation effort. Historically, information technology (IT) staff have not been included in decision making as it applies to change initiatives until they are required in the overall systems/solutions development life cycle. This exclusion of IT staff has been shown to cause a higher level of risk, and actuated issues with schedule, budget, and successful implementation of or transition to a new means of doing and supporting business.
TopBackground
“Ninety-three percent of U.S.-based multinational companies are in some phase of changing their business models,” (KPMG, 2014, p. 2, paragraph 1). This percentage is particularly significant in light of the technologies upon which 21st century businesses depend for developing, redeveloping, updating, and revamping their structural frameworks, designs, communications networks, marketing and sales plans, policies, implementation practices, etc. Because organizations are continuously evolving in this way, adjustments must regularly be made to the infrastructure, systems, and roles and responsibilities of those organizations. In turn, with new systems come new modes of doing business and changes to operations (Goodman & Loh, 2011) that impact both internal and external stakeholders. Moreover, it is expected that certain Information Technology (IT) disciplines (such as solutions architecture, development/engineering, verification/testing, and technical and customer support) within an enterprise will continuously go through, promote, and support change (McDonagh & Coghlan, 2006), especially in the area of information technology driving business innovation. Planning for change prior to making a decision to change and including those subject matter experts (SMEs) that can provide relevant information on the advantages and disadvantages of moving forward increases the possibility of success upon initial implementation of a new product or service (Larry 2017). In this chapter the authors will define and discuss the use of Pre-Risk Governance prior to and/or at the onset of change projects and initiatives.
Although it may be rarely accepted as true due to fear and uncertainty, change does not have a negative connotation (Von Canon, 2017). Change is not necessarily a negative process but it may be deemed negative based on the individual experience and how change is handled. Although justifiable, changes of any sort succeed or fail based on whether the people affected are willing to do things differently and, in today’s business environment, understand the primary drivers of these changes (Bridges, 2010; Goodman & Loh, 2011). The success or failure of technology changes in businesses and other kinds of organizations depends on how information technology teams handle the change and appreciate the value proposition to both the business and the individual/team. Knowledge of planned change may act as a positive influence on change agents.