Optionality - Risk regarding People
Throughout history a risk management portfolio from the executive administration has implied that a risk with harms to people would be escalated to a crisis or unacceptable degree of risk. IT Service Management - while beneficial to the running of technology operations inadvertantly misrepresents the way risk and change management are managed from executive strategy under IT. The change required by people was consumed and risk was reduced to project risk in checklist style governan
Change Management for IT often has no data type change and is done as a weekend change event
Only changes "function" with no change to role(s) - continuous improvement or maintenance type changes in agile development methodologies. Project Risk is low
The majority of managers in the world are familiar and versed in the IT change management models. IT will avoid the cost associated with people type changes, the response from IT driven projects will rarely factor the role changes. The IT resources are simply not aware of the effort and nothing motivates IT to assume business change management. The problem magnifies when the change audience requires IT resources to transform.
Change Management for Role(s) is determined or expected to be determined during strategy and planning (management create, read, update and archive) or BP 1 Design vision and strategy. One major barrier in the process, the fact that IT development begins its own analysis later in the process which will redefine the change scope with a completely different stakeholder group who often are politically supported with major transformation or a Data type group who behave like a mafia. Some executives take pride in their teams ability to execute at all cost and literally the cost are substantially high in cross-charges.
The change management without the role changes are the points in every organization where the risk to external people are bleeding the organization to death. Breaches due to the database extraction or acquisition and curation and API's which are a different name for a database link which is not an acceptable means of access to personal, intellectual or financial information.
The management risk associated with create, read, update and archive of master records focuses entirely on the person (party), items (offers) and financial management data in the form of information and all associated processes or procedures.
ISO 9001 has introduced standards in the 1980's which were introduced at the principles and executed or implemented in ERP as the system of record. It wasn't until 2000 that extracting the data from database to database was being done in response to many failures in executing new migrations or upgrades from one software system in DOS to prevent post 2000 predictions in windows based systems. The problem was the ability to customize and develop the entire ERP system which we can measure the symptoms growing substantially beyond the year 2k.