A brief overview of 3gamma Insights: Creating a solid foundation through cost-effective risk management. A selection of thought leadership relating to risk management. It includes insights into how IT organisations and project managers should approach risk management in a cost-effective way to maintain control but also enable rapid development and flexible IT outsourcing. It includes guest point of views from Fondia Legal Services and Transcendent Group.

1. 3gamma Insights: Creating a solid foundation through cost-effective risk
management
Ideas in brief
Jens Ekberg, Director Head of Group Insights

2. 2
Embedding risk management within IT to deliver
business value while maintaining compliance
IT organisations are subject to a wide range of rules and regulations that
mandate control over information, technology and processes. This drives
significant costs and undermines the ability to deliver on already stretched
targets.
 Regardless of good intent, external rules tend to be interpreted overzealously
and become over-engineered. Companies should include internal control in
all initiatives and not view it as discrete a one-off event
 Insight and transparency enable decision-making, evaluation and
acceptance of risk-levels. The risk management process needs to be
embedded in the transformation initiative and not run in parallel
 Companies should approach implementation through an iterative approach
and continuously improve. This approach will reduce cost, allow for better
allocation of scarce IT resources and ultimately lay the foundation for more
effective IT delivery processes.
3gamma Insights: Idea in brief

3. 3
The commitment risk – When IT outsourcing
exposes shadow processes and loyal heroes
Shadow processes are often an integral part of IT delivery. Without them the
quality of the IT services would deteriorate. But what happens with these
shadow processes in an outsourcing project?
 Loyal and committed people are at the heart of a high-performing IT
organisation. In big changes, such as IT outsourcing, this commitment may
become a significant risk
 Due diligence processes seldom reveal shadow processes and activities. For
vendors, it’s easy to make a very attractive offer. Outsourcers need to pay
meticulous attention to this and implement countermeasures in the planning
and preparation phases
 The process of scoping services needs to be based on relevant hard data.
The key to a successful IT sourcing initiative is a clear understanding of the
baseline. It is needed to establish a realistic business case and managing the
transition project with care
 Shadow processes can be mitigated if loyal heroes are made aware of the
importance of documentation and process-orientation
3gamma Insights: Idea in brief

4. 4
Staying in control over an outsourced delivery
An outsourced delivery of a function, process or portion of work can be an
attractive solution for many reasons. There are benefits to be gained but also risks
involved that need to be proactively managed.
 Both informal and formal governance are needed to manage IT outsourcing
risks during the outsourcing life-cycle
 Organisations should use an inclusive, holistic approach to ensure that different
organisational needs are met and requisite stakeholders are involved
 Proactive measures for early risk management are key to IT outsourcing success
By realising that an outsourcing agreement is an ongoing and changing
relationship and by working proactively with stakeholders, an organisation can
proactively manage risks that may occur due to the loss of control. Such measures
are imperative in securing the success of an outsourced delivery
Contact: Tove Flodgren-Isaksson, Managing Director at Fondia Sweden
3gamma Insights: Guest point of view by Fondia

5. 5
Using governance, risk and compliance (GRC)
systems to deliver business benefits
Outdated and hard to maintain spreadsheets are piling up and the business is left
without proper control.
 Organisations need an efficient and effective way of maintaining control. GRC
systems provide an integrated view of the governance, risk and compliance
related to business processes
 It enables a move from fragmented data collection to asking critical questions
once, hence reducing impact on business
 It reduces cost and complexity while increasing the likelihood of effective and
efficient collaboration
 It replaces overlapping reporting with integrated reporting
Being able to manage GRC challenges in a transparent and cost-effective way
while avoiding bureaucracy, process lock-down can become a competitive
advantage.
Contact: Alex Hofmann, GRC Technology Service Leader at Transcendent Group
3gamma Insights: Guest point of view by Transcendent Group

6. 6
Risky business! There's a time for playing it safe
and a time for risky business
Embedding risk management as an integral part of the project framework is an
essential and fundamental part of any project, programme or portfolio as a
way of keeping costs down, benefits high, and increasing the probability of
successful delivery
 The ability to effectively manage project risks is in direct correlation with
tangible business benefits: fewer delays, cost-overruns and improved return
on investment
 Classifying risks and understanding their potential impact is key to devising
the right risk management strategy
 Project managers need several tools for risk management across the project
life-cycle
Proper risk management reduces the number of risks that materialise and
minimises the effect of those that do occur. To secure successful delivery, risk
must be appropriately managed. Risk management also results in more
opportunities being captured proactively and turned into positive benefits for
the project
3gamma Insights: Idea in briefRisk and cost correlation of the project life-cycle
Risk management strategies need to be adapted to business needs