Governance in the digital age
The concept of digitalisation stems from the need to be disruptive, competitive, running lean and maximising on return on investment in financial quantitative terms or in intangible value of investment. Digitalisation is the fabric that interlaces collaboration and interaction of different business sectors, departments, organisations corporates, people, technology and services. This allows diversified technology services and activities to be availed and consumed as digital services.
So said Matimba Simango, an IT governance officer at PPC Cement. Simango will also be one of the speakers at the upcoming ITWeb Governance, Risk and Compliance conference in February next year. This event is themed "Governance in the digital age" and is aimed at helping GRC practitioners cope with the risks that come with digitisation.
"The scope of digitalisation is big, thus it is of paramount importance that governance, risk and compliance (GRC) practitioners do not lose control and focus on managing digitisation. GRC efforts must be congruent and in sync with the pace and velocity at which digitisation is progressing. The focus must be channelled to managing the inherent cyber and related technology risks in cognisance of the exponential growth in the consumerisation of digital services. This is easier said than done..." said Simango.
GRC practitioners should be creative and intuitive in collating a variety of frameworks, principles and standards to create policies and related instruments to manage digitalisation, he continued.
"They must assess current regulatory laws, including those in development. This means that GRC practitioners should engage with each other as professionals, they must also engage with GRC technical bodies and organisations to formulate relevant policy instruments. This sets an environment in which GRC practitioners are aware of technology trends and control mechanisms that they must put in place to effectively manage the space in which they function and operate.
"This creates proactive initiatives to ensure that the outputs of digitalisation services and technology support improve and grow businesses," he explained.
"GRC practitioners must be in a position to take up digitisation services and technologies. At the same time, they must make sure they support the business strategy by ensuring that these services and technologies do not expose organisations and the business entities they operate in to risk. As difficult as it is with the current trends in cyber risk and exposure, GRC practitioners should not be inhibitors in the adoption of digitalisation," said Simango.
GRC practitioners must diligently look at reviewing IT-to-business strategy alignment through engaging in policy reviews, assessing regulatory laws for input to governance processes, and also spending time with various stakeholders within the entities in which they work, he pointed out.
"This will ensure that they understand first hand on how digitalisation is being adopted into business process," he concluded.