While it is usually management which designs and implements the organisation’s risk management framework, it is the Board’s role to ensure the soundness and usability of the framework, for which it is ultimately responsible. It is no different when it comes to risk management for information technology (IT). Boards are as accountable for IT risks as they are for all other risks that may prevent the organisation from attaining its objectives. The firm’s technology will include its critical IT infrastructure, its development, systems design, implementation, management, maintenance and upgrade.
Given that the current environment is one of unprecedented disruption, it is not surprising that organisations are at once increasingly dependent on technology and often overwhelmed by the need to deal with it. The copious amounts of data and new information now available, coupled with the speed at which businesses must transform or risk being left far behind, may be particularly taxing for the Board, as members may already be fully preoccupied with existing challenges. It is therefore imperative that Boards find a way to cut through the clutter and zero in on the actual issues that confront them when developing strategies for risk management in technology.
Among the Board’s most pressing roles is setting the risk appetite of the organisation where its technological risks are concerned, in a way that allows it both to manage or mitigate adverse effects and to take advantage of potential opportunities.
The IERP® Monthly Newsletter September - November 2021
Risk Management In Technology: The Board's Role