Technology Risk Management Primer for Portfolio Companies (Part 1)

Private equity and venture capital firms often face the threat of risk within their portfolio companies, but are not always certain of their portfolio firm’s competency in this area. Risk Management within Information Technology is especially critical as it affects all operations as well as the eventual valuation of the portfolio investment. CSC, Inc. specializes in helping investment firms make the best technology decisions for their portfolio company’s technology needs.

This article serves as a primer for PE & VC firms who must ensure that their investments are secure and may need to proactively engage the IT management of their portfolio company. This primer can act as a template for those IT managers that are tasked with developing an IT risk management plan and who need guidelines for the process. It will also provide examples of how to implement each step and a validation structure for the investment firm to follow the process.




I.T. Risk Management Primer

The pervasive nature of technology has increasingly made information the most valuable commodity for the majority of modern organizations. It is because of this that information itself has become one of the most prevalent areas of focus regarding the management of risk within any enterprise-level business. Since risk management is the identification and control of threats that can impact an organization, few things can affect it more than a loss of data or communications.
While many organizations have a designated risk management officer, that officer may not have specific exposure to the management of technology operations. Nor is it the case that all technology managers have extensive understanding of the tenants of risk management. The components of a generalized risk management plan can be found in many well written articles in publication or online; however, the purpose of this article is to provide a step-bystep framework for the technology executive or risk manager charged with developing an IT risk management assessment and plan for their organization with specific focus on actionable items and reporting procedures to ensure a successful project.
A well executed risk management plan for information technology is primarily a linear process with a focus on the completion of each step as a prerequisite. A recurring theme is the necessity to define terms, methodologies and goals throughout the process in order to maintain a structured and focused plan. It is for this reason that the methodology is presented in the form of the TRMP (Technology Risk Management Plan) Step-Ladder (see below) as each step in the process creates a foundation that enables the next step along a gradual move towards completion.




Comments

Dr Smith said…
I truly appreciate your working guys, thumbs up!!Sequoia India
June 5, 2015 at 6:25 AM
Unknown said…
Virtual data room is a location in which all of the documents pertaining to the deal, the finances and background of the company in question are held.
December 31, 2015 at 4:53 AM
Post a Comment

Popular posts from this blog

To SWOT or Not?! Answer = Technical SWOT

Image
No one who has ever worked in a corporate environment, much less been to business school, has ever avoided dealing with the infamous SWOT Analysis. SWOTs are meant to summarize the strategic positioning of a company and explain where they are and what steps they should take to be more effectual. In actuality, they are a very effective high-level tool for examining any company. I incorporated the SWOT technique into my own surveys of companies and created the T-SWOT or Technical SWOT analysis. The idea here is to easily and effectively explain to my VC clients what are the Technology-based positioning a company has. Each SWOT axis can be converted to technology standards and examines the tech functions of a company in a granular fashion. SWOT in an IT Context: Strengths - technical strengths in platform, infrastructure and management Weaknesses - who a firms software design and platform may weaken them and what they should do Opportunities - in the technology field
Read more

SaaS: The Real Scoop on Multiple vs Single Tenancy

Image
Let's face the obvious. VCs plain love SaaS! What's not to like? SaaS (Software as a Service) architecture has gained tremendous momentum in the software world as it is the evolution of the ASP model allowing a software delivery without the need for any local data or software installation. Any browser with a robust Internet connection is able to access the software and the clients are billed via a subscription model, hence the service part. No ownership, no installation, no maintenance. I recently vetted a SaaS company for a VC client of mine and the SaaS model & revenue model made an extremely compelling business case. For VCs looking to invest in companies with a scalable business model this is an ideal revenue structure as it generally involves a fixed cost of initial development and infrastructure then they can scale up for countless clients who also subscribe to their software. This is great but there is more to it as the architecture for SaaS comes in two bas
Read more