Enabling a risk-free culture for businesses requires risk-based governance; Rohit Mahajan, President – Risk Advisory, Deloitte India
CXOToday has engaged in an exclusive interview with Mr. Rohit Mahajan, President – Risk Advisory, Deloitte India.
What risk management strategy can organizations adopt for enabling business transformation in the digital era?
Today, digital is interwoven with a company’s growth strategy and most CFOs plan to maintain or increase digital investments for business transformation. Along with better customer retention, cost efficiencies, talent engagement, margin growth and user experience, the digital era brings with it a plethora of risks that were unheard of, say, two decades ago. Organisations are conscious of the holistic risk management approach they must imbibe to prevent, protect, and predict the uncertainties in the digital world. First, the company’s digital vision, digital enablers and overall digital footprint must be factored in. Next, create a risk-based architecture catering to the needs and operating environment of the organisation. As the third step, embed this risk-based architecture in the DNA of the company with an underlying governance mechanism. Lastly, there needs to be a continuous monitoring system to survey the digital footprints of the organisation and the external environment to ensure that new risks are factored in, and disruption is at a minimum. Effective risk management requires mobilisation of the larger organisation through workshops, trainings, etc. to ensure that it is a “way of working” and not a knee-jerk reaction to an adversity.
How can CIOs and CISOs work together to ensure cyber resilience considering ongoing threats, like ransomware, and this pervasive talent gap?
Organisations have realised the importance of moving from Reactive to Proactive to Predictive technologies, and in today’s VUCA world, CIOs and CISOs are trying to balance various high-priority initiatives and manage multiple risks while facing a significant talent shortage.
The first step to ensure cyber resilience is to have proper collaboration between IT and Security functions at both the operations level and the leadership level. This means teams should work closely together with business leaders to evaluate technologies and plan initiatives in order to ensure business needs are met with an agile, robust, and secured information system. The next step is to balance secured cloud deployments, as migrating to the cloud requires organisations to extend some security postures beyond what they can directly control, and a good way is tightening your organisation’s own security posture and then ensuring that cloud partners meet those requirements. The third and most important is to manage a small pool of talent. As many organisations are struggling to hire IT and cybersecurity talent due to a shortage of skilled resources, one way to combat this issue is by focusing on retention and reskilling their current workforces. In today’s demanding landscape, both IT and security teams need to co-own cyber resilience outcomes and need to have an extensive understanding of their organisation’s potential attack surface. Collaboration, Modern Data Security & Management can help close the gap and ensure resilience to the ongoing threats.
What approach can organizations take towards climate action and risk identification?
There is a clear shift in the demands of customers, employees, governments, and investors, and they expect companies to be climate leaders, and with good reason.
Approaches towards climate action:
1: Integrate climate into your business strategy: Industries must be fundamentally redesigned to achieve a 1.5°C target and this will require transforming business models that could open up new revenue streams and drive innovation.
2: Reduce own emissions: Emission reduction targets should align with climate science, starting with at least a 40-50% reduction in carbon emissions from company operations in the next ten years.
3: Reduce value chain emissions: Value chain emissions normally represent the largest share of a company’s total footprint.
4: Influence climate action in society: Using the company network and sphere of influence to support and accelerate climate action. This can be done by influencing and working with a wide circle of customers, suppliers, NGOs.
How are organizations dealing with new age technology risks with regards to their businesses?
New age risks such as pandemic risks, geopolitical risks, cyber risks, data privacy risks, social media risks, etc. are becoming more pertinent for organisations. Organisations today have a more holistic and nuanced understanding of how different types of risk are affecting their entire value chain and how to effectively deal with these risks by changing risk management tactics and cultural mindset. In the past, risks have been evaluated on two dimensions: potential impact and likelihood. But in today’s transformative age, a third dimension, “Velocity”, is critical: the speed and rate at which you prevent risks which can cause damage/loss, or that can impede rapid growth.
Organisations are using various approaches to deal with the new age technology risks, whether it be through better data management, multifactor authentication, data-loss-prevention tools, or enhanced monitoring and analytics. There is also increased coordination across the subdisciplines of IT Risk Management, which include cybersecurity, disaster recovery as well as vendor and third-party management. With integrated enterprise risk management, organisations can aggregate risk information consistently and are equipped with data to make quick and effective decisions.