CIOs Can’t Afford To Ignore Risk Management Anymore

by CXOtoday News Desk    Apr 23, 2015


Many enterprises, short on time and resources, still do not appreciate the need for risk assessment and planning, yet risk management is becoming an essential part of business. Technology now affects employment practices, crisis management, copyright, security, client protection and many other activities, and companies that put processes in place to reduce risk can lessen the potential impact on the organization.

A research study by Wipro and FT highlights the concept of technology risk: the potential threat to, and vulnerability of, a business, with the threat extending to individual assets, customers, brand and reputation, external business partners, vendor ecosystems and the broader business environment.

The researchers polled businesses in the Asia-Pacific region, including chief risk officers (CROs), chief information officers (CIOs) and other C-suite executives, on how they go about making their businesses resilient and managing technology risks. The largest share of respondents (65%) say that integrating new technologies with old ones is one of their biggest challenges. This is followed by inadequate implementation of infrastructure (58%).

Firms’ understanding of technology risk is most often influenced by the extent of a threat’s impact (64%) and the likelihood of a threat (62%).

The most pressing area of concern over the next 12 months is business continuity and disaster recovery planning, with respondents rating this a 4.01 on a scale of 1 to 5 (where 1 is not at all important and 5 is very important).

Of the 85% of interviewees who agree that technology risk management adds value, 38% say that it does so by increasing customer satisfaction or confidence.

A large majority of the survey pool (76%) anticipate that their firms will increase or greatly increase their focus on technology risk management in the next 12 to 24 months.

Technology risk management consists of three key steps:

Security audit: A measurable assessment of how the security policy is employed in an organization. This includes taking an inventory of the organization’s hardware/software infrastructure, reviewing existing security policies and studying staff use of technology.

Risk assessment: This includes assessing and analyzing the assets that face risks and prioritizing strategies for protecting them, in areas such as loss of access, cyber attack, knowledge management and disaster planning.

Risk mitigation: As part of the risk management process, these are the countermeasures an organization can put in place to reduce risk. Some examples are keeping anti-virus software up to date, implementing security policies and improving training for all staff.

On technology risk management spend, the study found that the largest share of respondents (68%) say potential added value is an important factor to consider. The study suggests that technology risk management processes should be regularly evaluated and reassessed to ensure proper protection of the organization’s resources.