Risk, governance and compliance - three simple words that carry astounding weight and meaning for any business, anywhere in the world. Many businesses recognise the challenge of having risk management, governance policies and compliance procedures in place yet five years ago few would have foreseen the latest requirement on the horizon. Digital risk management.
As our worlds of BYOD, IT, IoT and an always on, always connected society permeates every corner of the globe the risk for any business and multinationals in particular has grown exponentially. So much so that Gartner predicts that by 2017, one third of large enterprises engaging in digital business models and activities will have a digital risk officer or an equivalent.
So what does that mean exactly? With the superset of technology now available to businesses and consumers alike organisations have strived to share information, branding, content via multiple social channels and much more online. Paper and print is diminishing as we place more and more online, in the digital sphere. What this does is create an enormous bank of digital content and in all likelihood, a disparate bank of digital assets depending upon the geography of an organisation’s offices. What might be deemed appropriate content and branding in the US and UK, for example, may be entirely different for Asia Pacific or South America. So how do senior executives, responsible for meeting multiple legislative and regulatory requirements monitor and manage their digital assets?
As Paul Proctor, vice president and analyst at Gartner says, “Digital risk officers (DRO) will require a mix of business acumen and understanding with sufficient technical knowledge to assess and make recommendations for appropriately addressing digital business risk.” Creating a role or responsibility for digital assets within an organisation is a smart approach but how does one individual or perhaps a team monitor these assets across a multinational organisation?
Businesses need to consider the variety of different regulations across different regions, for example, the forthcoming amends to the data protection act across different countries, the assessment of technological risk of systems used to manage digital engagement or even the representation of a brand. All of these and more require regular assessment and monitoring so that if or when a DRO or risk management team is questioned about the organisation’s digital assets they can easily report back to the regulatory body or auditors, demonstrating that the organisation complies appropriately.
The other major benefit a DRO role brings to an organisation is the ability to drive value from digital asset spend. Multinationals, in particular, will often have countries or regions producing duplicate or overlapping content. With an accurate understanding of the global digital estate the DRO will enable decisions based upon not only the risk profile of assets, but also the value they deliver. Avoiding unnecessary spend where value maybe sub-optimal or where assets have become stale due to lack of updates. The accurate understanding of the entire digital estate through effective data capture and governance will then provide insights for better and more impactful decisions but also create savings and drive savvier purchasing decisions. Ultimately ensuring the DRO role pays for itself.
So while the predictions of the new DRO role abound what can businesses who’ve not yet made the hire do now?
Empower your knowledge base
The majority of businesses, especially multinationals, will be blessed with a group of knowledgeable employees (or consultants) such as lawyers, security executives, risk officers and senior executives. When combined these individuals can and should provide a cohesive view of the organisation’s digital assets and legislative/regulatory requirements in each location.
Think global, act local
By auditing the businesses across every location and recording the different digital assets produced and stored the risk management team can start to gain a clear view of any challenges or areas for concern as well as flagging future challenges in a reliable risk management system.
Set realistic expectations
Regulatory and legislative organisations will expect organisations to recognise the importance of their digital assets but the acknowledgement that digital risk management is still in its infancy means that you could be ahead of the curve.
Proactively prevent issues – don’t wait for the proverbial to hit the fan. By having a robust risk management policy and procedures in place you’ll be able to detect, report and address issues that are important. After all prevention is better than having to continually firefight problems.
By creating a clear data collection process in your business you’ll be able to profile the risk of assets and use the information to compare value – therefore optimising the risk and reward balance.
Overall remember those producing digital assets never envisioned that they would one day have to comply to the growing regulatory demands that modern businesses now face. If you want to be successful in motivating your entire organisation into being compliant remember to keep things simple, educate and collaborate. By getting all employees to appreciate the associated benefits of risk management you’ll be more likely to succeed in implementing and maintaining your digital assets.
By Matthew Eddolls, Head of Risk Change, CoreStream