Intensified concerns about risk management, auditing and fraud detection, and corporate governance have pushed boards and top management teams to adopt an even more active role in the oversight of business strategy and key enterprise activities. Significant regulations including Sarbanes-Oxley, HIPAA, and the Patriot Act have further raised the stakes.
Failures to meet the required attestations, unintended violations of privacy and confidentiality, or heightened vulnerability to identity theft are likely to invite adverse reactions from regulators and from the stock market.
As business technology becomes embedded in core organizational processes, control systems, and decision support systems, it is vital that boards appreciate the material risks due to technology and understand the risk-mitigation strategy.
An enterprise-wide perspective is needed to guide the use of business technology in implementing effective and economical enterprise risk management systems that facilitate both management control and an ability to audit performance. With greater complexity in the processes and structures for managing business technology (for example, outsourcing, offshoring, and applications and website hosting), there is a need for more sophisticated models of enterprise-wide risk assessment that factor in not just the internal risks, but also the risks inherent in sourcing and external partnering.
Boards and top management teams must provide active oversight over how business technology risks impact the business, and ensure the effectiveness of the governance systems in mitigating these risks. The board must remain vigilant, always looking at both the business and technology sides of the organization.
Strategic risk refers to the risks facing the firm due to poorly envisioned or executed business strategies. Within business technology management (BTM), the focus is on risks at the intersection of business technology and business strategy. Regulatory compliance refers to corporate adherence to different regulatory expectations related to financial reporting and data management. Poor regulatory compliance invites civil or criminal penalties and shareholder lawsuits. There are other forms of risk, including systems and sourcing risks.
Although those forms of risk are likely to be managed by business and technology executives, the management of strategic risk and regulatory compliance must reside at the board level.
What strategic risks must be managed at the top? Some of these risks include the following:
The management of regulatory compliance has always been an area of board oversight. However, the strategic importance of information and the nature of current business technologies have raised the stakes regarding the privacy, security, and confidentiality of information. In particular, there is heightened sensitivity to safeguarding not just sensitive corporate transaction data, but also data about customers, employees, and business partners.
The pervasiveness of business technologies has made unauthorized pilferage of such information and data far easier. In addition, with heightened concerns about terror, regulations increasingly compel organizations to furnish more data than before. The management of compliance requires attention to the following issues:
Faisal Hoque is an internationally known entrepreneur and author, and the founder and CEO of BTM Corp. His previous books include Sustained Innovation and Winning The 3-Legged Race. BTM innovates business models and enhances financial performance by converging business and technology with its products and intellectual property.