John F. Kennedy once said, "There are risks and costs to a program of action. But they are far less than the long-range risks and costs of comfortable inaction." 

There are few places this applies more aptly than the corporate world. The global business revolution is now entering a new phase as more and more companies seek to use technology to manage and reduce exposure in an increasingly risk-prone world. A new survey from IBM and Gavilan Research Associates bears this out, with risk mitigation and data governance found to be the key drivers of new IT projects. Of the many challenges involved, respondents highlighted their struggles with organizing, reusing and sharing corporate knowledge, and keeping up with the increasing pressure to find better information to drive their businesses. 

Two-thirds of respondents also said that data governance and data stewardship issues were among the top three data-related issues or projects they were struggling with. Yet, 45% do not yet have a data governance council or data governance projects underway. Another 80% said that they were struggling with other information-related issues as well, including documenting business data.

Given that there is such a large body of research in the area of risk analytics, why should we be interested in another look at risk management methods and tools now? One compelling reason is that organizations increasingly resemble a puzzle of complex networks, with nodes in the network dependent not only on those within the same organization, but also on distant suppliers, financial institutions, governments and other associates outside of the company's firewall's protection.

In a system with such interdependencies, the occurrence of a risk event has ever-widening consequences, and managing risk can no longer be thought of in a business or geographic silo. To navigate this merging of technology with business processes, a practical science for CIOs needs to emerge. 

Witness the impact of the subprime lending crisis currently affecting the entire U.S. economy and markets worldwide. Or analyze the potential global economic and health implications of an avian flu outbreak. From a business perspective, the events in one market (e.g. an increase in crude oil prices) can easily affect the financial results of an entire globally integrated enterprise.

The news, however, is not all negative. While risk typically has a negative connotation, the term can also denote positive events that represent opportunities to create value for an organization Of course, developing methods and tools to provide a comprehensive-yet practical- risk management practice is challenging. The plain fact is that these problems are hard, and there is no "one-size-fits-all" solution.

In most cases, another obstacle is that organizations lack reliable data and practical frameworks for assessing risks in a holistic fashion. In order to effectively harness risk and make risk management a core competency, effective methods must be in place for: gathering and managing risk-relevant data; building mathematical models involving thousands of uncertainties and complex interdependencies between events (upon which risk mitigation and response plans can be developed); and interacting effectively with the consumers of risk models (e.g., via dashboards, scenario analysis, etc.).

To do any of this, significant strides in innovation must be made. Only then can an organization provide a flexible framework and a set of quantitative and analytical tools for evaluating risk within an organization and across its network of partners. It is this framework that can provide organizations with the capability to manage risk as a business fundamental and create opportunities to add value.

Unprecedented risk such as terrorism, pandemics, cybercrime, climate change and extreme weather require innovative risk mitigation strategies. It is a difficult task to be sure. But comfortable inaction is a poor alternative. 

Robert Morris is vice president of services research at IBM Research, where he is responsible for IBM's worldwide research efforts in services.