Risk management oils the wheels to successful digital transformation

I recently read somewhere that we send around 205 billion emails across the world every day. Even the self-professed Luddites amongst us, have been forced to interact with technology in this age. Digital applications have become irresistibly pervasive.

Businesses are expected to develop and deliver the innovation customers now demand to support their changed behaviour.  Digitisation has spawned a change in consumer behaviour based on the  improved capabilities of personal devices many of which are mobile.

The capability of mobile devices has also allowed employees to adopt new work practices. Creating a flexibility that was not previously imagined. This has changed the dynamic of the business relationship with organisations from both the customer and staff perspectives.

 The digital age has brought a plethora of  opportunity for business. New services and new ways of doing business are regularly created. New ways of increasing customer satisfaction are also championed. These practices rightly boost company profits, but also introduce  a variety of risks into the business landscape.

Project Management to successfully deliver the change is fraught with risk. History is littered with the carcasses of businesses from failed projects. The Black Hat 2017 survey report found 73% of Hackers surveyed said traditional perimeter security firewalls and antivirus are irrelevant or obsolete. Every organisation is vulnerable. Cyber security is a big threat to the success of modern business. Companies of all sizes are at constant risk of falling victim to disruptive attacks such as phishing, DDoS or ransomware. Furthermore IT decision makers must find ways to allow their staff access analytical data securely from any location. The cost of failure from any of these areas of change management, cyber-attacks or loss of data can run into the millions, and can wipe out companies failing to take proper care. 

 As if that wasn't enough there's still the personal element. The loss and in some instances the abuse of personal identifiable information (PII) has created the need for far reaching compliance regulations. GDPR is an example, the regulation gives the option to punish businesses with crippling fines for failing to secure their systems and data appropriately.

The risks are real, the costs are significant and the likelihood is high, businesses need to have an effective response available.  Clearly the transition to a digital operating model requires effective and efficient risk management.  Fortunately ISACA have provided some guidance for this. Just like Project Management it's about successfully adapting it to the specific environment or circumstances.

ISACA is an independent, non-profit, global association, which provides industry-leading knowledge and practices for information systems. ISACA uses CRISC, Certified in Risk and Information Systems Control to set the standards and practices for IT and business professionals who develop and maintain information system controls. The method also provides guidance for security operations and compliance procedures.

The goal of risk management is to reduce risk through mitigation techniques. Despite the best mitigation strategies and implementations risks cannot be completely eliminated. The risks left within the organisation after all mitigations are known as residual risk. The aim of risk management is to keep residual risk within the risk tolerance set by the management of the organisation. Management make sure the risk aligns with the overall business objectives it is therefore within tolerance as agreed in the organisation.

If management don't have the capability or capacity for risk management they need to get resources that will provide;

1. Firm understanding of the impact from IT and Enterprise risk and how those affect the organization.
2. Effective plans and implementation strategies to mitigate risk.
Objectively driven risk-based decisions.
3. The knowledge to set a baseline for risk management within the organisation.
It's only when we are comfortable that the risks from a digital transformation journey are within our set tolerances, that we can envisage a successful conclusion to digitisation.