Stories by: Dan Swanson

The Financial Services sector has always been on the leading edge in the adoption of information technology. In the last decade, the focus has been on the development and implementation of customer-focused Financial solutions with increased integration across various product lines. In the past few years, there's been an emphasis on strengthening business continuity practices.

Business unit contingency planning was never more visible or more important than in 1999, when every senior manager had to review his or her operations in preparation for the Year 2000. A formal Business Impact Analysis (BIA) was conducted at many organizations - for the first time in some cases - to identify single points of failure and other risks and threats to business operations. But just because Year 2000 rolled in with little disruption, that's not to say that business unit contingency plans aren't worth the effort or that they are no longer important.

In most organizations, improving the area of Financial Management is a priority. Even with the rationalization of computer systems through Y2K efforts, Finance systems often still need further modernization. Traditional Financial Management practices are also being rethought, and challenged by line managers. Finance Departments everywhere are looking to become more customer focused and deliver services that add value to the organization.

IT Governance is a critical issue for all organizations, particularly with the rapid increase in competition worldwide. One of the constant challenges facing every CIO is proving the contribution of their Information Services function. In addition, delivering IT and IM services that are effective and a "Value Add" to the organization is an ongoing necessity.

Sun Tzu's "The Art of War" has long been required reading for military leaders. Andrew Clark has taken this masterpiece of war-fighting strategy and built an inspiring corollary that draws on the techniques and motives of the war-fighter and places them in the information warfare arena. This innovative document may change the way you view your information technology defensive posture.

This month's featured Web site is that of the National Partnership for Reinventing Government (NPR), which can be found at www.npr.gov. The NPR is the Clinton-Gore Administration's initiative to reform the way federal government works. Its mission is to create a government that "works better, costs less, and gets results that the public cares about". Begun in the early days of the current administration, with Vice-President Al Gore at its helm, the task force is the longest-running government reform effort in U.S. history. NPR has created a substantial body of knowledge that is useful across all industry sectors, and for both private and public sector initiatives. The site features numerous downloadable publications on various management subjects at www.npr.gov/library. While NPR is understandably focused on supporting government departments, much of its material relates to Leadership, Service Delivery, Planning and Project Management, and Reengineering and Reforming Management Practices -- all of which is extremely relevant and timely for the IT profession. Finally, NPR's section on Web links -- www.npr.gov/links -- provides further leading materials from all other areas of the U.S. government, NPR-related initiatives, and other resources supporting management reform.

With the significant increase in competition, aggressive corporate goals and targets are becoming the norm. To address this challenge, companies are increasingly strengthening their risk management practices to ensure that when (or if) initiatives "go off the rails", the situation is identified early and management actions are taken to address the situation. This month I have developed a comprehensive list of Web sites that support the improvement of the various risk management processes. In addition, the "best practice" reports provide guidelines and numerous management "lessons learned" to help CIOs establish and strengthen their risk management practices.

The protection of information and information systems is becoming exceedingly complex and challenging. Fundamental to the safeguarding of critical assets, i.e. information and information systems, is an effective corporate security management program.