Transforming Technology Risk

Due to emerging technology risk and regulatory and governmental compliance mandates, large organizations require a holistic risk approach that accelerates strategic value realization and competitive advantage. The goal is an operational risk model built for the accelerated rate of technology change that addresses an organization’s appetite for risk while offering increased opportunities for value creation.

Successful technology risk transformation can enable organizations to increase trust by enhancing risk management—simultaneously reducing the likelihood and severity of adverse outcomes more commercially and transparently.

By gaining these capabilities, the role of the risk function will move beyond a defense-only, reporting-centric activity to a trusted partner that delivers proper safeguards and improves the likelihood of successful implementation and execution of a strategy in line with investor risk appetite.

Digital applications are now providing businesses with a tremendous amount of data, which is used as an asset, to create business value to differentiate product offerings.

The benefit of having structured data is that you can pivot from monitoring controls once or twice a year to monitoring them continuously to uncover those anomalies and events that need attention much faster. Then on the more technical side, there are advanced monitoring solutions around firewall rules and network access controls that can alert risk when there is a policy violation, and risk professionals need to act.

ESG transformation is not without risks, as it requires a paradigm shift involving regulatory obligations, new business models, consideration of new environmental and social performance metrics in decision-making and increased systemic risks to resources.

To effectively manage risks on your sustainability journey, consider these four key elements.

• Internal control: Beyond the statutory obligations, internal control is a way to leverage your ESG transformation. The assurance you can provide is critical for your activity and business partners.
• Process and Governance: Governance body and operational processes required for your ESG reporting are to be defined at the early stages of your ESG project.
• Tools and data: Data is the foundation of ESG reporting. It should be the first element to secure before starting any transformation program. ESG tools support data collection, internal control monitoring and ESG reporting.
• Third parties: Many IT third parties are involved in the production process and in the monitoring of non-financial reporting elements (data collection, analysis, production of KPIs). Obtain and provide assurance on the internal control of these technological third parties.

Leaders should determine what skills reside on their teams, build a plan to fill in the gaps, and provide training to encourage professional growth and advancement that can include rotations in and out of the risk department.

Equally important is making sure employees are cared for so they don’t burn out. Technology risk can look to a trusted co-source provider that can supply the right subject matter expert with the right skill set when the organization needs it.

Finally, intelligent automation is an option that is gaining traction in risk functions. The technology has advanced tremendously, and digital or virtual agents can carry out increasingly sophisticated tasks.

Adoption of new technologies can be an opportunity for the risk function to take a step back and reassess controls and environments to ensure their knowledge of emerging technology is keeping up. Do you have the right controls to mitigate these new risks, and are you taking advantage of pervasive controls across these new technologies?

Technology risk must adapt quickly and effectively to keep up with the organization’s evolving strategy, business and operating models. To help with this journey, here are some recommendations to consider.

• Clearly understand the business strategy purpose and values and how a change would address those issues: Try not to force the technology requirements before understanding the business requirements. Understand your vision and business objectives before vision and business objectives before designing new operating models and adopting new risk technologies.
• Start small: Launch a pilot with limited scope to get a quick win and gain internal support.
• Leverage agile approaches: Complete work in sprints to provide flexibility in scope coverage and allow for more real-time reporting and response.
• Engage with key stakeholders up front and throughout the rollout of your program: Understand which customers and partners are prioritizing digital trust and transparency. Do some campaigning at the start. Make sure people are on the same page with you and get their feedback and recommendations. Then, when you get the entire stakeholder group together, have the benefit of the insights from that whole team.