Your digital landscape and the hidden risks
South African companies are not moving forward in an innovative way with regard to their risk identification and risk evaluation processes and methodologies.
Let us pose this question: Do any of us truly and comprehensively understand the full scope of emerging risks within our organisations, brought on by our ever-growing and ever-complex digital landscapes?
I would be so bold as to suggest that the answer to this would be a universal “no”.
The problem lies in the fact that people don’t fully understand the magnitude and/or scope of this risk. They tend to think of it along the lines of isolated or substantial projects focused on robotic process automation, AI, autonomous cars and the like. Disruptive technology, however, could be something as seemingly insignificant as a smart fridge in a room that accommodates coffee breaks.
We adopt these ‘cool’ new technologies without considering more than their glossy outward appearance. Most companies don’t know how to even begin to identify the full scope of this risk, and haven't considered the risks presented by the introduction of, or engagement with digital disruptive technologies.
The nature of the risk varies broadly: it is both industry/sector specific and it depends on the organisation and its particular strategic objectives, leaving numerous aspects of this scope for risk open-ended. Furthermore, because of the nature of the risk, one needs to think outside of the box when it comes to normal risk identification and evaluation, as detection/identification of a disruption may be an opportunity for the company.
Going for the opportunity, with little or no consideration of the ramifications that the technology project will have for the rest of the organisation, from a governance, risk management and compliance (GRC) perspective, may ultimately result in a significant crisis for the company.
The crux of this risk is the connectivity of everything in our world. We humans tend to take for granted the state of connectivity we live in. Something, somewhere, is always on and connected, and as a result, poses a level of risk which, in many instances, has the potential to create exposures that most companies are not equipped to deal with.
What we have seen, through the independent risk maturity reviews that our GRC services organisation has conducted over the past eight months, is that generally, South African companies are not moving forward in an innovative way with regard to their risk identification and risk evaluation processes and methodologies.
We are, in fact, seeing a significant weakness in maturity across the board, just from looking at the basics of the GRC approach, and at processes and accountability. As a result, it is clear that most companies are critically ill-prepared to deal with the broad and far-reaching effects of digital disruptive risks.
It is alarming that we still see such a poor maturity level when it comes to risk management innovation. Most companies show an immature GRC strategy when it comes to the better-known, ‘traditional’ risk universe, never mind having to foster the agility needed to deal with the far-reaching emerging risks stemming from technology disruption, cyber criminals, information privacy and protection.
Organisations still insist on hanging on to their old Excel risk registers or static siloed risk management tools, coupled with subjective human-based approaches to inform the risk registers. There is little to zero adoption of SMART: Context of the Organisation risk identification approaches, linking risks back to achievement of objectives with a performance focus, using technology enablement in a mature and well-developed manner.
Old risk identification approaches are not agile enough to deal with the overwhelming variables that make up the nature of these emerging risks within the digital landscape, across the organisation. And we have not even begun to look at the monitoring and preventative tools and approaches that must be adopted.
Through a highly iterative and collaborative approach with our clients and subject matter experts, the RUBiQ team has invested heavily in its technology, content and advisory to deliver a solution that answers the ‘how’ and ‘what’ of the ‘why’ above.
Click on the link below to get started with one or more of our selection of RUBiQ Maturity Assessments, the first and highly informative (yet light touch) step in our RUBiQ journey to help organisations navigate and succeed in understanding and managing the risks within their own digital landscapes: