The evolution of technology risk management

KPMG US
16 Mar 2016 04:33

Summary

TL;DR: The video discusses the evolution of technology risk management, particularly in highly regulated sectors like financial services. It emphasizes how technology has become a key enabler of business strategies and how the role of technology risk management has shifted over the years. The conversation highlights the growing importance of collaboration within organizations, including IT, compliance, and audit functions, to effectively manage and predict risks. Additionally, the script touches on the significance of forward-thinking strategies to address new risks associated with emerging technologies, third-party providers, and other changes in the IT landscape.

Takeaways

  • Technology is critical for all organizations and technology risk management is essential for enabling business strategies.
  • Financial services and highly regulated sectors adopted technology risk management due to regulatory requirements and oversight.
  • In the past, conversations with CIOs focused on IT department performance, but now the dialogue has shifted toward managing technology risks more formally.
  • Over the last few years, there has been a growing focus on formalizing technology risk management at the first line of defense within organizations.
  • As IT estates grow and become more complex, IT must be involved in risk conversations alongside enterprise risk, compliance, and auditing teams.
  • The board's role in managing technology risks has evolved, as technology is a key driver of business strategy and enabling growth.
  • It's important for companies to not only address current risks but also anticipate future risks associated with new technologies, applications, and third parties.
  • Companies are collaborating more across industries to identify and manage new IT risks predictively, sharing knowledge through forums, surveys, and public knowledge bases.
  • Effective collaboration between compliance, audit, and enterprise risk management functions leads to better transparency and more effective risk mitigation strategies.
  • Organizations are increasingly investing in collaboration across departments to improve information flow, transparency, and the effectiveness of risk management strategies.

Q & A

  • What is the role of technology risk management in organizations?

    -Technology risk management is critical for organizations as it helps identify, assess, and manage risks associated with technology to support and enable business strategies. It ensures that technology aligns with the organization's goals while mitigating potential risks.

  • Why did organizations in the financial services sector embrace technology risk management?

    -Organizations in the financial services sector embraced technology risk management primarily due to regulatory requirements and oversight from bodies that mandated the implementation of risk controls to safeguard their operations and maintain compliance.

  • How has the discussion around technology risk management evolved in the past few years?

    -The discussion has shifted from focusing solely on IT department performance to a broader approach involving collaboration between IT, enterprise risk management, compliance, and auditing functions to better understand and manage technology risks across the organization.

  • What is meant by the 'first line of defense' in technology risk management?

    -The 'first line of defense' refers to the role of operational departments and teams in managing technology risks within their daily operations. As IT estates grow in complexity, it becomes essential to establish structured processes to manage and mitigate risks from the outset.

  • Why is it important for IT to be included in risk conversations at the enterprise level?

    -IT needs to be included in risk conversations at the enterprise level to ensure that all technology-related risks are identified and managed effectively. As technology is a key driver of business strategy, aligning IT with enterprise risk management allows for better-informed decisions regarding risk mitigation.

  • How does the board's role in managing technology risks continue to evolve?

    -The board's role has evolved from overseeing basic compliance and risk management to actively engaging in technology-related risks as these risks become increasingly tied to business strategy and operations. The board now plays a key part in ensuring that technology risks are effectively managed as part of overall business risk.

  • What role do new technologies and third-party service providers play in technology risk management?

    -New technologies and third-party service providers introduce additional risks to an organization's IT estate. These must be proactively managed, as they can affect security, compliance, and overall risk profiles, making it essential to consider them when assessing technology risks.

  • How are companies working together to improve technology risk management?

    -Companies are collaborating across industries by participating in forums, surveys, and public knowledge bases to share insights, identify emerging risks, and develop best practices for managing technology risks. This collaborative approach helps organizations be more effective in anticipating and managing future risks.

  • What is the broad context of technology risk management within an enterprise?

    -The broad context of technology risk management involves considering the entire enterprise risk and integrating technology risk as a key component. It requires a holistic approach to assess what can pose a risk to the organization and how to manage those risks within the broader business framework.

  • How do collaboration and transparency contribute to more effective technology risk management?

    -Collaboration and transparency between IT, compliance, audit, and enterprise risk functions lead to better information flow, clearer risk identification, and more effective design of risk mitigation strategies. This helps organizations adapt to changing technology landscapes and manage risks over time.

Related Tags
Technology Risk, Compliance, IT Management, Risk Mitigation, Enterprise Risk, Business Strategy, Innovation, Regulatory Control, Industry Collaboration, IT Estate