13 Feb

IT Portfolio Management: An Enterprise Risk Management-Based Perspective

By: Prasanna P. Karhade


Abstract

This abstract describes a part of a much larger, ongoing Enterprise IT Strategy Analysis (EISA) (Shaw et al. 2007) project. I am part of a research team that is developing the EISA methodology, which involves integrating at least four key components: (1) developing an IT governance framework (Weill and Ross 2004), (2) developing detailed strategy maps (Kaplan and Norton 2004), (3) developing elaborate aggregate project maps (Christensen 1997), and finally (4) IT portfolio management (Maizlish and Handler 2005). This abstract will focus on the IT portfolio management component with an ERM-based perspective.

“All management is risk management” is a quote that is often attributed to the famous Canadian risk management pioneer, Douglas Barlow (Shaw 2005). Risk management seems to be at the forefront nowadays in the IT context, as modern CIO offices of large IT-enabled enterprises are expected to justify their enormous investments in IT. Most IT investments are guided not only by the corporate strategy, but also by the risk appetite of the enterprise. The ERM — Integrated Framework, published by the COSO of the Treadway Commission, suggests that the risk appetite and the IT investments of an enterprise should be aligned with the corporate strategy (COSO 2004). In spite of the frequent usage of the term risk appetite, measuring and quantifying this important, but latent, construct seems to be a continuing challenge for IT researchers.

Keywords: IT Portfolio Management, Enterprise Risk Management, Risk Appetite