Friday | 10 July, 2009
CSO
The Last Campaign
Sue Bushell (CIO) 06/08/2004 09:57:47

A three-dimensional view of risk lets organizations aggressively identify sources of IT-business misalignment and ruthlessly move to eliminate them.

The General, noted Napoleon Bonaparte in his military maxims, never knows the field of battle on which he may operate. His understanding relies on inspiration; he has no positive information; and data to reach any knowledge of localities is so contingent on events that almost nothing is learned by experience. In such situations what is needed, at least according to the greatest military genius of the 19th century, is the facility called coup d'oeil militaire (the ability to take in the military situation at a glance), which he saw as nature's gift to great generals.

Doing business is not unlike waging war, and organizations should be using aggressive risk management to give them a similar ability to instantly bring order to unfamiliar terrain. That way, problems flowing from the business to the project or project to business can be addressed cohesively, rather than as unconnected efforts, according to Robert N Charette, director, Risk Management Intelligence Network, Cutter Consortium and president of Itabhi Corporation.

While the application of aggressive, enterprise-wide risk management practices is too often overlooked in both the creation of business strategy and the development of IT systems, leading companies know the value of risk management and practise it aggressively across the enterprise. "Simply put, risk management is the iterative and continual process of identifying potential problems, understanding the implications involved if these potential problems occur, and - when the consequences of potential problems are unacceptably high - selecting alternative courses of action to reduce or eliminate the consequences," Charette says.

Doing so gives organizations an integrated, three-dimensional view of risk that lets them aggressively identify sources of IT-business misalignment and ruthlessly move to eliminate them. "Napoleon had this idea that he called coup d'oeil militaire. He wanted generals who had this quality that was to be able to recognize patterns very quickly, size up the situation very quickly," Charette says. "And I change it a little bit: I call it a coup d'oeil informatique. It's really being able to have the information, being able to pull together the pattern so that you can see things that other people can't see.

"That's the ideal. That's the thing that enterprise risk management ought to give the CIO, the CFO, the CEO and all the other CXOs: an ability to recognize things that they may not have been able to recognize before . . . faster, better, basically superior information to be able to make better decisions."

If an organization has crafted a winning business strategy but cannot implement it, or possesses superb implementation capability but has a vague and ill-defined business strategy, chances are it is suffering a business-IT misalignment problem, Charette says. The best way to address that misalignment, says the man dubbed by project and risk management guru Tom de Marco as "the grandfather of software risk management", is to improve your routine risk management. Doing so should, at the very least, help your organization identify the sources of misalignment early on so that it can address them before they turn into problems.

Charette says leading companies appreciate the value of risk management and diligently practise an aggressive form of the process that encompasses the entire enterprise, from IT projects to strategic planning and marketing. "Aggressive risk management allows problems that flow from the business to the project - and vice versa - to be addressed in unison rather than as disparate, disembodied, disruptive efforts," he says.

"Issues affecting alignment are openly communicated, leading to fewer 'surprises' for those involved in developing business strategy or IT projects. Because changes involving either business strategy or technology are continually assessed, opportunities to improve alignment can also be quickly exploited."
