See things clearly
“Technology Risk Management Guidelines” is a research paper published by the Monetary Authority of Singapore.
The objective of the guidelines is “to promote the adoption of sound processes in managing technology risks and the implementation of security practices” in regulated financial institutions.
Although the paper is aimed at the finance industry, and is consultative, I think it provides an insight into some of the governance practices that, sooner or later, will be adopted by companies across many business sectors, reliant as most organisations are today on information technology and flows of data.
Interestingly, a section of the document is devoted to ‘Oversight of technology risks by board and senior management’. For example, “The board of directors and senior management,
3.0.2 ...should be involved in the IT decision-making process to ensure that IT is capable of supporting the organisation’s strategies and objectives, as well as to ensure adequate oversight of technology risks within the organisation...
3.1.2 ...are fully responsible and accountable for managing technology risks, which are becoming increasingly complex, dynamic and pervasive...
3.1.3 ...are also fully responsible for the implementation of effective internal controls and risk management practices to achieve robustness, reliability, resiliency and recoverability of IT systems and infrastructures...
3.1.4 ...should review and appraise the cost benefit issues regarding investment in controls and security measures for computer systems, networks, data centres, operations and backup facilities...” [p.10]
Why would it be wise for these stakeholder groups to take more interest in IT issues in the business?
As well as issues of financial cost, “...reputation, customer confidence, consequential impact and legal implications...” are at stake in today’s digital business environment.
Cost - The NatWest and RBS banks suffered a major IT problem that prevented millions of customers from accessing their accounts. The financial cost to the company has been estimated at up to £100 million.
Reputation – Computer glitches at United Airlines caused thousands of American passengers to suffer flight delays on Father’s Day weekend.
Customer Confidence – The U.S. regulator has filed a lawsuit against the hospitality company Wyndham Worldwide, alleging that a failure to safeguard consumers' personal information led to more than $10 million lost to fraud.
Consequential Impact - A computer glitch meant KiwiRail did not pass on a heavy rain warning that could have minimised the damage caused when two commuter trains collided following a landslip in New Zealand.
Legal Implications - The Post Office has appointed external investigators to examine allegations of deficiencies in the computer system used in all its outlets. It comes after many sub-postmasters said they had been wrongly accused of theft, fraud and false accounting.
To perform on a daily basis, and to compete profitably, most businesses are crucially reliant on information technology and flows of data.
But, as the above examples demonstrate, when technology fails and data doesn’t flow as it should, the business can be damaged in many ways.
That is why it is essential that appropriate governance is applied, by the board and senior managers, to the management of technology and data flows.