Introduction to Technical Risk Management

This guide explains what technical risk is, why it matters, and provides a step‑by‑step methodology for assessing, mitigating, and managing technology‑related risks—including lifecycle, compliance, and complexity considerations—to improve cost efficiency, agility, and security across the enterprise.

Architects Research Society
Technical risk is any potential technology failure that can disrupt your business, such as an information‑security incident or service outage.

Technical Risk Management Overview

Let me start with a shocking example of how an uncontrolled IT risk event can have catastrophic impact: what happened at Delta subsidiary Comair. In a busy December, Comair’s crew‑scheduling system failed because it could only handle a limited number of changes per month. The system stopped, leaving nearly 200,000 passengers stranded across the United States just before Christmas, resulting in an estimated $20 million revenue loss.

The latest EA catalog provides information about all applications, helping you assess which apps may be at risk because underlying IT components are no longer supported, and lets you track your technology standards. Incidents caused by unsupported components cost companies an average of €600,000.

This authoritative guide will teach you how to avoid such situations.

What You Need to Know About Technical Risk

Most companies are better at adopting new technologies than retiring old ones. Running unsupported technology can be very costly. IT interruptions and data breaches can cost millions of dollars. At the end of a technology’s lifecycle, IT management must deal with integration issues, limited functionality, low service levels, lack of skilled resources, and missing vendor support.

The top 20 technology vendors offer more than one million different technology products, and related information, such as lifecycles, changes daily.

67% of CIOs say their technical risk management is ineffective.

If you are researching how to perform a technical risk assessment, this story may sound familiar, which is why we created a clear technical risk assessment guide.

The technical risk landscape is rapidly changing, driven by emerging technologies such as blockchain and new approaches like micro‑services. Without proper handling, these changes increase IT risk and overall enterprise risk.

According to KPMG’s technical risk management survey, technical risk management needs to evolve to cope with a fast‑paced, disruptive world. Many organizations still treat technical risk as a compliance‑centered activity rather than a value‑centered one, relying on static qualitative metrics, reactive decisions, and a lack of innovation.

Did you know? 72% of organizations bring the technical‑risk team into a project only after a risk issue appears, and 47% adopt mobile apps or devices without any risk assessment.

Benefits of Technical Risk Assessment

There are many benefits, including:

Cost Reduction

By evaluating each IT component’s functional fit and business criticality, you can identify the optimal technology, allowing you to standardize across regions or offices and eliminate redundant applications or technologies. For example, why use both Oracle and MySQL?

When a single solution can serve the whole organization, you avoid paying for two.

Risk Reduction

If software is not upgraded to the latest version—or worse, if you run five different versions—the underlying technology can cause a cascade of errors across the organization. Identifying and understanding underlying technologies, their lifecycles, and software dependencies is essential.

Figure 1: IT component matrix showing lifecycle of components by provider and technology stack.

Improved Agility

Standardization is a common challenge. Without clear standards, chaos ensues. Once standards are defined, they must be enforced. Surveys (e.g., SurveyMonkey or LeanIX’s built‑in survey feature) can help assess compliance with IT‑security standards.

Figure 2: LeanIX survey showing how to efficiently do an IT‑security assessment.

How to Conduct a Technical Risk Assessment

Now that the benefits are clear, you may wonder about the steps to create a comprehensive technical assessment.

Our recommendations are as follows:

Obtain a Complete List of Applications You Use

If you have not documented your applications over the past year, start by reading the nine rules and guidelines for application rationalization.

Without a current inventory, a technical assessment is meaningless—just as you wouldn’t bake a cake without a recipe.

Assess the Software Versions in Use

Identify the versions of software currently deployed.

Best practice: group software by technology stack and tag it (manually or with LeanIX’s out‑of‑the‑box tagging) for future reference. The screenshot below shows tagging using the Candidate, Leading, Exception, and Sunset models.

Assess Servers and Data Centers in Use

Apply the same approach as above, assigning a technology stack to each server and data center.

Validate data, e.g., using an IT‑component location report to verify server locations.

Figure 3: Report showing where IT‑components are located.

Connect Software and Servers to Applications

After collecting and validating data, create links between software, servers, and applications to understand dependencies and avoid the issues described earlier.

Figure 4: Free‑draw report showing dependencies between an application and its IT‑components and technical stacks.

Identify How Technology Affects Your Business

Now you can determine what technical risk means for your enterprise, such as locating where applications using certain software versions are hosted.
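The five steps above, as an added Python example that is not part of the original article and not a LeanIX feature: it links a constructed inventory of IT components to applications and ranks the applications whose underlying components are unsupported, close to end of support, or missing from the inventory. All component names, dates, locations, criticality values and the scoring rule are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass(frozen=True)
class Component:
    stack: str      # technology-stack tag (steps 2 and 3)
    eol: date       # vendor end-of-support date
    location: str   # where the component is hosted

# Constructed inventory: names, dates and locations are illustrative only.
COMPONENTS = {
    "db-engine 9":    Component("Database", date(2023, 6, 30), "dc-east"),
    "db-engine 12":   Component("Database", date(2028, 6, 30), "dc-east"),
    "server-os 2012": Component("Operating System", date(2024, 10, 1), "dc-west"),
    "app-runtime 17": Component("Runtime", date(2025, 3, 31), "cloud"),
}
# Step 4: application -> (business criticality 1..4, linked components).
APPLICATIONS = {
    "crew-scheduling": (4, ["db-engine 9", "server-os 2012"]),
    "intranet-wiki":   (1, ["db-engine 12", "app-runtime 17"]),
    "billing":         (3, ["db-engine 12", "msg-broker 3"]),  # broker not inventoried
}
# Assumed ranking: a component with no lifecycle data outranks one that is expiring.
SEVERITY = {"unsupported": 3, "unknown": 2, "expiring": 1}

def status(name, today, warn=timedelta(days=365)):
    """Classify one component's lifecycle state on the given day."""
    comp = COMPONENTS.get(name)
    if comp is None:
        return "unknown"          # gap in the inventory, lifecycle cannot be checked
    if comp.eol <= today:
        return "unsupported"
    return "expiring" if comp.eol - today <= warn else "supported"

def assess(today):
    """Step 5: return (score, application, issues) sorted by descending score."""
    findings = []
    for app, (criticality, deps) in APPLICATIONS.items():
        issues = {}
        for dep in deps:
            state = status(dep, today)
            if state != "supported":
                where = COMPONENTS[dep].location if dep in COMPONENTS else "unknown"
                issues[dep] = (state, where)
        if issues:
            worst = max(SEVERITY[state] for state, _ in issues.values())
            findings.append((criticality * worst, app, issues))
    return sorted(findings, key=lambda f: (-f[0], f[1]))

if __name__ == "__main__":
    for score, app, issues in assess(date(2024, 7, 1)):
        print(f"{score:>2}  {app}: {issues}")
```

A component that an application depends on but that is absent from the inventory is reported as "unknown" rather than silently skipped, which makes inventory gaps visible in the same ranking as lifecycle risk.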

Deep Dive: End‑of‑Life Management

End‑of‑life (EOL) management is one of the most important factors in technical risk management.

Companies that ignore upcoming obsolescence face higher security risks and vulnerabilities. Continuing to use unsupported hardware or software makes it easier for cyber‑criminals to access systems and data.

Even government agencies are affected. In 2015, US IRS auditors criticized the agency for not upgrading Windows XP PCs and Windows Server 2003 data‑center servers—both retired by Microsoft—leaving about 1% of its computers (≈1,300 machines) unaccounted for and requiring costly post‑retirement support contracts.

Figure 5: Business impact of technology obsolescence.

Deep Dive: Compliance

Enterprises must comply with regulations ranging from HIPAA to PCI and FISMA. While compliance costs money, the cost of non‑compliance is typically 2.5 times higher.

A current EA inventory provides reliable data to document compliance. LeanIX’s survey plugin can help create targeted or periodic surveys to maintain accurate information about applications handling sensitive data.

For GDPR, you can assess data sensitivity, classify it (public, sensitive, restricted, confidential), and tag objects or applications accordingly—often already part of internal security processes.

Deep Dive: Complexity

Complexity is the enemy of security. When retiring legacy technology, CIOs must balance keeping systems running (“if it isn’t broken, don’t fix it”) against the risk of increased complexity and potential outages caused by upgrades.

Figure 6: LeanIX dashboard illustrating which applications are at risk as underlying IT components exit their lifecycle.

Obsolescence, hardware maintenance, and security are among the most pressing IT challenges today. Failing to plan for the future of technology is one of the costliest IT mistakes enterprises make.

Conclusion

Most companies are better at adopting new technology than retiring old technology. Running unsupported technology can be very costly, with IT interruptions and data breaches costing millions of dollars.

Technical risk management is a broad and complex topic that cannot be solved by manual data maintenance alone. With LeanIX, enterprise architects can quickly obtain up‑to‑date technology product information, which is essential for assessing application‑environment risk and intelligently planning, managing, and retiring technology components.

Source: http://jiagoushi.pro/node/1224
