Society’s changing habits and widespread adoption of a digital way of life present challenges as well as opportunities for companies in the technology sector. Effective risk management can help businesses manage expected and unforeseen challenges so that they can benefit from the significant opportunities in the technology sector today.
The Institute for Internal Auditors (IIA) has published its second annual OnRisk report: ‘OnRisk – A Guide to Understanding, Aligning, and Optimizing Risk,” which identifies and defines key risks, as perceived by boards, management, and chief audit executives (CAEs).
The report discusses how the three key players in an organization’s risk management align (or misalign) in their view of these risks. It offers a detailed look at the greatest challenges expected throughout 2021 and how aligning risk management can increase success.
The report provides a universal view of key risks across all industries, but it is no surprise that several of the eleven key risks have a direct intersection with the technology sector. Let’s take a deeper look. The report, which was compiled through surveys and interviews with board members, c-suite executives and chief auditors, identified the following as the top eleven risks for 2021:
- Third Party
- Board Information
- Disruptive Innovation
- Economic and Political Volatility
- Organizational Governance
- Data Governance
- Talent Management
- Business Continuity and Crisis Management
The Pandemic and an Elevated Risk Profile
Risks such as Cybersecurity, Data Governance and Business Continuity, already top of mind to many over the last decade, have elevated in significance thanks to the pandemic and its impact on how businesses operate. With more work being conducted remotely, rapid investment and implementations of new applications and system upgrades, as well as changes to organizational structure and changes in the workforce, businesses are being forced to evolve and adapt, often at a brisk pace.
Cybersecurity took the #1 spot on this year’s list, as has been the case for several years. Investments in Information Security programs and cybersecurity tools continue, yet the threat of breaches, including the compromise of sensitive information, business disruption and reputational risk, have kept Cyber risk in the top spot. For the tech sector, effective information security can be the difference between rapid, adaptable growth and a rapidly evaporating customer base. With so much personal data being captured across the user and customer base, the stakes are high to protect information from bad actors, both from individuals and from sophisticated, organized hacking organizations.
Third-Party Risk, the #2 risk for 2021, is especially relevant to the Tech sector given the nature of relationships between customers and providers. As a third-party, companies must be able to demonstrate that they have the appropriate controls in place to protect sensitive customer data. With the growth of Software as a Service (SaaS) delivery models, third-party reliance has become the norm across key functions and business processes. A lapse in information security or business continuity due to third-party breakdowns and events can have serious consequences for all parties involved.
Disruptive Innovation, coming in at #5, continues to be a significant risk to the technology sector given the rapid innovation in the industry. Outdated business models unable to evolve, change and reinvent themselves run the risk of being outpaced and becoming obsolete. Growth in the tech sector has brought many new players that quickly accelerate from start-up to established corporate organizations, many of them becoming publicly-traded in record time.
Talent Management and Company Culture risks are being discussed like never before. Talented people with strong, relevant skillsets are in high-demand across the competitive workforce landscape. Many professionals are finding attraction to companies with a defined purpose and tangible culture. And the pandemic has only increased the desire for flexibility, including some positions with majority (or 100%) remote-working opportunity. The Culture and Social aspects of companies are getting attention like never before.
Additionally, the growing spotlight on Environmental, Social and Governance (ESG) reporting over the last 18 months has been hard to ignore, with leading tech companies making strong investments, and public-facing statements, on all facets of ESG issues and responding initiatives.
- Environmental initiatives are becoming commonplace, with many organizations setting firm timelines and advertising goals in areas such as carbon footprint and greenhouse gas emission reductions. Many organizations are now producing and publishing ESG reports to disclose their performance against generally accepted ESG frameworks. Increased transparency brings more risks associated with completeness and accuracy of key metrics relied on by stakeholders, including institutional investors.
- On the Social agenda, aside from meeting company values and contributing to the greater organizational “purpose,” these initiatives are often seen as a differentiator to current and prospective talent. In companies that promote a healthy, diverse, inclusive and equality-focused culture, high performers may feel more engaged, resulting in less turnover.
- Good Governance practices are also getting attention, with updated policies designed to promote corporate stewardship, investment in initiatives that benefit all stakeholders, and transparency on company operations and risk oversight.
Effective Risk Management is Key
The technology sector is seen as a leader in innovation and adaptability. In spite of what they may have learned in responding to the pandemic, companies still face challenges in adapting to unexpected events and adjusting their priorities accordingly.
Identifying and assessing risk is just one part of the story. Effective risk management requires ongoing evaluation of the appropriateness and effectiveness of risk monitoring and mitigation activities.
For assistance in identifying, evaluating, and designing effective risk management activities in your organization, contact us. We would welcome the opportunity to speak with you!