Minimizing risk and maximizing reward is at the very core of any investment, whether financial or technological. For technology, IT has faced a steep uphill struggle balancing these two forces. Historically, IT has done a poor job quantifying both the risk and return on technology investment in financial terms and, as a result, has not been able to convincingly demonstrate the value to the organization. As such, organizations have tended to think of technology investments as delivering little bottom-line value to the company.

As a result, most analysis of risk and reward is qualitative in nature, if done at all. The problem is compounded by the fact that a CIO typically does not have to decide on a single investment, but rather faces a whole portfolio of different investments to evaluate, each with its own perceived level of risk. Therefore, IT is typically not judged on a project-by-project basis; instead, it is judged on a whole portfolio of different investments whose total value is the determinant of success or failure. In this environment, qualitative measurements fail to accurately predict the risk within a portfolio – the portfolio on which the ultimate success or failure of IT rests.

IT must have an effective plan to quantitatively measure the risk and reward of any technology investment. Once that is built, IT can then begin the process of building a portfolio-based model to look at the value of the investments as a whole and not as discrete units.

To think of technology investments as a portfolio, IT can borrow several tools from the financial community. One of those tools is diversification to meet your company’s economic outlook. If the company’s strategic plan is for aggressive growth, the IT portfolio may consist of a higher percentage of riskier projects. In hard economic times, invest in lower-risk projects and leverage your existing technology base. If the outlook is uncertain, invest in projects that give the company future flexibility options.

IT must also be concerned about the relationship between investments. No portfolio risk management plan should be without a measure of both the spread of each individual investment and some quantitative measure of the relationship between investments.

Thinking in terms of a portfolio of different investments forces IT to consider the balance between investments that can deliver a high potential reward but at the same time a possible downside, and those investments that are considered a “safe bet” – low risk/low reward investments. Failing to properly analyze how risk directly affects each investment, along with the portfolio as a whole, reduces IT to looking for a shiny needle in the proverbial haystack.

© 2002 Giga Information Group, Inc. Email: gigaquestions@gigaweb.com