
Enterprise risk manager needs technology grounding


Jeff Stolle has dealt with technology issues for many years. But the risk manager is in his current post because he also has a background in enterprise risk management.

Mr. Stolle, who is director of risk management at Career Education Corp. in Hoffman Estates, Ill., was hired in March to lead the ERM initiative that the board of directors espoused.

One of Mr. Stolle's first meetings after joining the company, which hosts online universities among other activities, was with the steering committees on IT disaster recovery and identity theft/privacy concerns, he said. The risk management department chairs those steering committees.

Technology "is something that risk managers need to understand, especially if they want to be truly an enterprise risk manager" because IT impacts all aspects of a company, said Mr. Stolle, who chairs the Risk & Insurance Management Society Inc.'s Technology Advisory Council.

Risk management departments can function in an oversight role, "making IT think from an enterprise perspective" and understand how the IT operation and exposures tie into the business and shareholder value, he said.

Just as Mr. Stolle currently is doing for his company, risk managers can develop metrics to assess IT security processes.

The actual IT security plan, on the other hand, should be written by the chief information officer and the IT security team. Risk managers can review the plan, but the technical aspects and how the plan would be executed must be left to the experts, he said.

Mr. Stolle gained his ERM background at American Electric Power in Columbus, Ohio, where he served as principal analyst in the risk management department from 2000 to 2005. During that time, "they had a robust ERM program" with both the chief risk officer and chief security officer sharing responsibility for IT security, he said.