The Internal Institute of Auditors (IIA) and ISACA held their 2019 Governance, Risk, and Control Conference from August 12th to 14th in Fort Lauderdale. This year I was honored to be selected to speak on the effects of data privacy risks in the See-Through Economy in my presentation, “Prepare for a Data Governance Revolution with a Risk-Based Approach.”
Each year, powerhouse risk governance associations ISACA and the IIA bring together the leaders of the governance, risk, and control (GRC) industry from their more than 325,000 combined members from around the world so they can learn best practices, gain new skills, and bring actionable knowledge back to their organizations. This conference empowers organizations to embrace the necessary shift to new methodologies when they tackle both predictable and unpredictable changes in the business. The GRC professionals who attended the conference will be leading the charge of mitigating risks through internal controls, ultimately protecting their organizations’ reputations in the See-Through Economy.
I’ll be recapping below some of the key takeaways I shared with nearly 400 attendees during my session, in addition to tools I provided that you can use in your own organization.
The Challenge: Managing Increasingly Daunting Data Diversity in the See-Through Economy
The International Data Corporation predicts that there will be a ten-fold increase in worldwide data by 2025. As businesses continue to experience this increasing amount of data, governing it becomes even more complex. As a result, organizations are relying more and more on third party vendors to store and manage their data. This practice creates additional data privacy risks that must be properly governed by the business in order to prevent cybersecurity breaches. Although you can outsource a process, you can never outsource the associated risks.
The public sets high expectations for a company’s cybersecurity program. For example, 92% of consumers agree companies must be proactive about data protection. To aid consumers’ high expectations, the See-Through Economy connects people all over the world through social media and provides an outlet for them to voice their concerns. When expectations are not met, investors are front-row witnesses to consumer outrage, which consequently affects how they invest. Fortunately, cybersecurity mishaps are completely preventable with an enterprise risk management software.
Use the See-Through Economy to Your Advantage
Connect Your Risks to the Right Controls
Connecting risks to mitigation activities is the first step in preventing risk management failures. To help further explain this I gave the following example. As I was going through airport security on my way to the conference, I brought along with me a bag of pocket-sized hand sanitizers to give out at the LogicManager booth. I was worried that this would violate the policy requiring liquids to be less than 3.4 ounces given that there were so many of them; however, when I asked the security personnel, I was informed this was allowed. Grateful I did not have to throw out 50+ hand sanitizers, I still found myself pondering the risk at hand. Although TSA was able to check off the box that the hand sanitizers were technically all under 3.4 oz, I still boarded the plane with well over this amount of liquid. What risks are the controls actually mitigating? With an effective risk management program, TSA could map this risk to an appropriate control so that it becomes clear what they are trying to prevent and avoid a potential disaster.
Implementing a risk management program is essential, and soon you will become the superhero of your organization. How do you get the board’s buy-in for continued support? It’s simple. When presenting ERM to the board, keep it short, and colorful. C-level executives do not have the time to go through the ins and outs of every department. Fortunately, all you need to communicate with your executives are dashboards that aggregate data across the enterprise into concise reports. With new technologies and increasing amounts of data and partnerships, risks are inevitable. An enterprise risk management system can help. Proactively manage your risks by connecting them to the appropriate mitigation activities and internal controls across the enterprise. Ultimately, ERM helps identify controls in a fast-moving environment to make sure the right people with the right knowledge are making key risk-reward account decisions. With a proactive and engaging ERM strategy in place, you’ll be able to avoid any corporate disasters. Lastly, play up to the advantages of the See-Through Economy to showcase satisfied customers and highlight the risks you are properly mitigating at your organization.
Download the Risk-Based Approach Wheel
Download the risk-based approach wheel to learn how to connect your risks to the appropriate mitigation controls!
This article was originally published on LogicManager.com