14 The IERP® Monthly Newsletter September - November 2021
As they broaden their understanding of these issues, a clearer picture of their organisational assets that need the most protection, will become evident, allowing them to prioritise and determine where the firm’s greatest exposures and vulnerabilities lie. This due diligence will go a long way in developing a better perspective of emerging risks, and identifying opportunities that the organisation may be able to capitalise on. Due diligence will inevitably produce more data; the Board needs to be aware of the necessity of managing this, and the risks that come with it, as poor data management may result in fraud and documentation irregularities that will lead to poor reporting.
A major portion of data management includes keeping it secure and confidential, and because many firms today outsource their data storage and retrieval systems to specialist providers, Boards will find themselves extending their oversight over third parties as well. It is worth noting that regulators are becoming increasingly concerned over how data is managed, stored, transmitted and manipulated, and legislation in many jurisdictions now have stricter governance mechanisms in place to regulate data creation, manipulation, storage and disposal. Organisations should have appropriate policies in place to ensure that there is compliance.
Again, the Board can only do this if it is up to speed on what is required, and has put in place the necessary checks and balances for effective governance, regulation and compliance. There are a number of ways it can do this; establishing a Board-level committee specifically for technology risks is one, particularly if the organisation envisages a growing dependence on technology in the future. This committee could comprise Board members with the prerequisite skills, or be authorised to access external expertise for consultation on developing the appropriate strategies, frameworks and policies. The committee should also try to ascertain best practices and benchmarks for its industry.
If Boards have not yet turned their attention to managing technology risks, they must start now or risk being left behind by both technology and their peers. Technology risks will not decline anytime soon; getting a handle on the issue of technology and cyber risk management now will help organisations weather the disruptions that lie ahead.