Call for Papers

Below is the call for papers for the upcoming Cutter IT Journal issue Is Enterprise Risk Management Unfixable?, guest edited by Robert Charette and Brian Hagen.

Is Enterprise Risk Management Unfixable?

Three years ago, we edited an issue of Cutter IT Journal titled, "Managing Enterprise Risk in a Failing Economy: Is It Time to Rethink Risk Management?" The core question addressed by the Journal issue was whether it was time for a major reformulation of what enterprise risk management meant and how it was practiced. Then current corporate approaches to ERM were obviously wanting -- if not thoroughly discredited. What was not obvious was what, if anything, could be done about it. For example, were there fundamental flaws with the current risk models and methods that underpinned ERM? Or were the models perfectly fine within their limits, and it was their implementation -- especially in terms of creating a supportive, risk-aware organizational culture -- that created enterprise risk mismanagement?

The consensus of the papers in the Journal issue agreed that ERM as then currently practiced was flawed; the only argument was whether ERM was fatally flawed or whether it in fact could be reformed.

At the time, there was some optimism that with the flaws of ERM practice so obviously exposed by the financial meltdown, organizations, both government and commercial, would take on a broad effort to assess and then improve their risk management practices across the board, from individual projects to organizations as a whole.

Unfortunately, given the events over the past few years, the record of enterprise risk management has continued to disappoint in both government and commercial organizations. To wit, massive enterprise risk mismanagement has been exposed by: (a) the MF Global bankruptcy of late last year; (b) the management and design of TEPCO nuclear power plants in light of the Japanese earthquake and tsunami of a year ago this spring; (c) the fatal BP Deepwater Horizon oil well explosion in 2010; (d) the response to the potential bird flu epidemic in 2009, and (e) the ongoing drama in the EU to bail out Greece and other EU countries in trouble. These are not isolated aberrations, as we could easily list several dozen additional examples from around the world.

More worrying is that there is a sickening familiar deja vu feeling when each case of ERM mismanagement is examined in detail: risks were identified, but ignored; risk managers were fired for highlighting risks; shortcuts to enterprise risk practice were taken allowing risks to turn into problems; risks were treated in isolation; risks weren't communicated; risk models were so complicated that no one knew what they represented; and so on. It is apparent that the painful lessons about how not to do enterprise risk management have not been learned, if they were even heard.

So the question remains on the table: is ERM fatally flawed and unfixable, or can something be done to make ERM an effective, relevant, and attainable business practice?

The July 2012 Cutter IT Journal invites useful debate and analyses on the future direction of risk management practices in corporations and government, as well as how these practices should be used to survive as an important business practice. We encourage those from around the globe to tell us their stories of how ERM works in their organization.

TOPICS OF INTEREST MAY INCLUDE (but are certainly not limited to) the following:

  • Is enterprise risk management irretrievably broken, or do current ERM practices (just) need revamping?
  • If a new ERM approach is required, what should it look like, and how can it be effectively implemented and practiced, given the poor track record so far? In other words, how is the next time going to be any more successful than the past?
  • Are risk management models and or processes root causes of the current poor ERM practice?
  • Given the general feeling that enterprise risk management continues not to be effective, do you think ERM should be shunned or viewed with skepticism by corporations or government? And if it is to be shunned, how should strategic, operational, financial, insurable and social risks be addressed across an organization today?
  • How can risk enterprise management practices be made effective in corporations?
  • What is missing in current enterprise risk management practices that if implemented would drastically improve the effectiveness of ERM?
  • Can you show an example of an effective approach to ERM, and why it is effective?

Finally, we are very interested in hearing different perspectives on the issue, from those in academia to industry and government. All are encouraged to submit abstracts for consideration.

TO SUBMIT AN ARTICLE IDEA

Please respond to Robert Charette, charette[at]itabhi[dot]com, with a copy to itjournal[at]cutter[dot]com, no later than 7 May 2012 and include an extended abstract and a short article outline showing major discussion points.

ARTICLE DEADLINE

Articles are due on 15 June 2012.

EDITORIAL GUIDELINES

Most Cutter IT Journal articles are approximately 2,500-3,500 words long, plus whatever graphics are appropriate. If you have any other questions, please do not hesitate to contact CITJ's Group Publisher, Christine Generali at cgenerali[at]cutter[dot]com or the Guest Editor, Robert Charette at charette[at]itabhi[dot]com. Editorial guidelines are available online.

Important Note: When you submit an article to Cutter Consortium, you warrant that you (or your employer) are the sole owner of the article and that you have full power and authority to copyright it and publish it. Also, the article you submit to Cutter must be an original; not previously published elsewhere.

AUDIENCE

Typical readers of Cutter IT Journal range from CIOs and vice presidents of software organizations to IT managers, directors, project leaders, business analysts/managers and very senior technical staff. Most work in fairly large organizations: Fortune 500 IT shops, large computer vendors (IBM, HP, etc.), and government agencies. 48% of our readership is outside of the US (15% from Canada, 14% Europe, 5% Australia/NZ, 14% elsewhere). Please avoid introductory-level, tutorial coverage of a topic. Assume you're writing for someone who has been in the industry for 10 to 20 years, is very busy, and very impatient. Assume he or she will be asking, "What's the point? What do I do with this information?" Apply the "So what?" test to everything you write.

PROMOTIONAL OPPORTUNITIES

We are pleased to offer Journal authors a year's complimentary subscription and five copies of the issue in which they are published. In addition, we occasionally pull excerpts, along with the author's bio, to include in our weekly Cutter Edge e-mail bulletin, which reaches another 8,000 readers. We'd also be pleased to quote you, or passages from your article, in Cutter press releases. If you plan to be speaking at industry conferences, we can arrange to make copies of your article or the entire issue available for attendees of those speaking engagements -- furthering your own promotional efforts.

ABOUT CUTTER IT JOURNAL

No other journal brings together so many cutting-edge thinkers, and lets them speak so bluntly and frankly. We strive to maintain the Journal's reputation as the "Harvard Business Review of IT." Our goal is to present well-grounded opinion (based on real, accountable experiences), research, and animated debate about each topic the Journal explores.

PLEASE FORWARD THIS CALL FOR PAPERS TO ANYONE WHO MIGHT HAVE AN APPROPRIATE SUBMISSION.

Cutter IT Journal Call for Papers: Is Enterprise Risk Management Unfixable?