Risk is the major source of uncertainty in organisations of all types and sizes, in both the public and private sectors. This is why businesses are focusing more and more on identifying risks and managing them before they affect the organisation.
“The ability to manage risk will help organisations act more confidently when making future business decisions, and this is why the need for governance, risk and compliance (GRC) is growing approximately 10% a year, with the market expected to reach $32-billion by the year 2020,” says Robert Brown, CEO of DRS, a Cognosec company. “Risk management should be promoted among senior management and supervisors and all organisations should implement some form of risk management tools.”
He adds that having cost-effective corrective measures to ensure compliance is maintained will help to avoid fraud and corruption and will help the business to identify systemic gaps within the public sector. According to him, for for-profit organisations, risk is formalised as the uncertainty in financial returns and impacts. For non-profit organisations, risk is usually formalised as uncertainty in achieving the organisation’s quality and objectives.
The primary role of risk management is to identify the appropriate risk/return trade-off, implement processes and courses of action that reflect the chosen level of risk, monitor processes to determine the actual level of risk, and take appropriate courses of action when actual risk levels exceed planned risk levels, he explains.
For some years now, governments have been increasingly focused on achieving a better-performing public sector, adds Brown. “An effective risk management strategy and control environment must be in place, and they must continually refine their risk management requirements to actively manage their changing risk.”
IT risks are evolving, says Brown, and more and more companies realise that they need to monitor IT risk in the same way they monitor enterprise risk. “In 2015 we learned that cyber threats can have a real impact, not only in our businesses but also in our personal lives. The notorious Ashley Madison data breach spurred divorces and suicides. We have also learned that with great technology-power comes great responsibility.”
He says we spend an increasing amount of time consuming and sharing content on Internet platforms, mobile devices and social media platforms. As a result, cyber risk has emerged as a key concern, and a major challenge for any company and individual.
All organisations, in the private and public sector alike, will need to take bold steps to mitigate the risk of loss, business corruption and reputational damage that could arise from a failure of their IT systems or a security incident, he says. “Cyber security attacks will continue, and the onus will be on users to think twice before providing personal and company information.”
Because of this, there is a need to manage IT assets more effectively and efficiently, and IT risk should be a key focus for any public sector organisation given the increasing number of data breaches.
At the end of the day, all organisations, both public and private sector, need some level of risk management. “A good starting point is formulating strategic plans, setting objectives, taking a look at existing risk management activities, and understanding the organisation’s appetite for risk,” Brown says.
Organisations need to create an IT risk management charter to identify, analyse and evaluate risks, and then create a risk response/action plan. “Finally, they need to talk to top management and show them their strategies to get buy-in and the funding to implement the strategies,” he concludes.