Board-level technology risk management
In our new digital economy, the greatest risk relates to controlling and protecting your data and software.
Risk management must focus primarily on how you are protecting your customer data, especially as data breaches become more common and regulation around customer data becomes more stringent.
Addressing technology risk management is therefore crucial – and must be done at board level. After all, your board has ultimate power when it comes to your company’s digital transformation.
Below, we outline three steps you can take to address technology risk management at board level.
1. Ask the necessary questions
The board should be asking itself the following seven questions:
Do our policies and control frameworks align with our current and future business model?
How do we protect sensitive customer data?
Do we have information to assess the quality or vulnerability of the software we use or develop?
Do we have cyber insurance?
Do we have a strategy for dealing with a crisis?
Do we have the information we need to oversee cybersecurity risks?
How do we protect sensitive information handled, stored and transmitted by third-party vendors?
2. Create a technology advisory board
Setting up a technology advisory board or panel is an effective way to gain insight from individuals with a wide range of relevant technology and digital expertise.
The technology advisory board should provide guidance on digital matters, such as the strategic implementation of new and emerging technologies, along with matters such as cybersecurity.
An advisory board can provide guidance to both the board of directors and the executive team, or can work closely with one of the two.
If the advisory board interacts more with management, then the board of directors should confirm that the advisory board’s charter and member composition adequately address the full range of technology governance and risk management issues required for the business.
3. Appoint a digital executive to the audit or risk committee
As technology becomes more pervasive in your organisation, the ability of the audit committee, which will typically oversee risk management, to address the risk is as critical as its ability to evaluate financial risk.
Working with risk teams that don’t understand digital can be slow and laborious, as they approach projects and decisions using outdated processes and frameworks.
Explicitly adding technology risk to the audit committee agenda – and making sure there is at least one digitally savvy executive on the committee – is highly recommended, especially where technology risk is not acute.
The board can make or break your digital transformation
Your board plays a critical role in the successful digital transformation of your company, and in ensuring survival through the dynamic forces of the new economy.
Any fundamental change to strategy requires strong leadership, and the scale of the shift we are describing has to be supported and guided by the board.
Change has to be pushed from the top down. Without a driving force that has the power to enact change, the company will remain as is.
Our new book, Chasing Digital, outlines a three-part framework to ensure your company’s digital transformation is a resounding success.