Corporate governance has taken centre-stage across boardrooms around the world. The term applies to all aspects of a business. Given the fact that technology is expected to play a key role in helping organisations achieve their business objectives, it is imperative to discuss the role of corporate governance over technology.
Risk management is a critical component of corporate governance. Risk management helps organisations recognise the wide spectrum of risks that they are exposed to. It aims to help them prioritise risks based on their potential impact, put mitigation plans in place, and monitor them so that they dont become hurdles in achieving corporate objectives. Information technology is a key support function in any business, and regulation requires the board and the management to report key risks, and their assessment of how these risks are being managed. The Chief Information Officer (CIO) needs to play a significant role in supporting boards, audit committees and the management, in first understanding, and then implementing, good governance over IT.
Security and disaster recovery used to be major risk factors, but today, IT risk management covers a range of factors such as runaway projects, global sourcing, regulatory compliance, privacy, trans-border data flow, export control, financial disclosure, certifications, business continuity, fraud detection,protection of intellectual property and shortage of skilled resources. The list is endless, and promises to keep growing.
The sources proliferating risk are increasing manifold as well. Natural disasters such as fires, floods, earthquakes and cyclones have always been a risk for IT. To that list of natural calamities can be added an ever-expanding range of man-made risks viruses, worms, Trojan horses, phishing, spyware and identity theftmaking the IT risk management job more difficult every passing day. In addition, globalisation, new technology and attrition rates complicate the task of managing IT risks.
What is IT risk management? Simply put, it is the identification, assessment and mitigation of risks related to information technology. The growing importance of IT for successful execution of business goals calls for an effective risk management programme. Corporate reliance on IT raises the stakes in terms of the importance of maintaining 24x7 business continuity.
Technology not only creates new risks, but also plays an important role in mitigating risk. As such, IT executives must now work closely with business unit leaders and executive managers to adopt a formalised set of reproducible and scalable risk and compliance management technologies and techniques.
Read the full article at Express-Computer.
|
