IERP® Team No Comments

Digitisation: Is It Worth It?

Do you digitise your business and take on all the risks that come with technology…

In the rush to keep up with the competition, it is inevitable that the focus will be on setting up systems, training personnel, and ensuring everyone is up to speed with the latest software. But very often, not enough attention is paid to managing the risks which are inherent in digitisation. Organisations are often adept at adopting the latest technologies to keep themselves competitive but are often blind to the fact that digital risk is a very real risk, and thus has to be managed in the way that any other business risk is managed. The most damaging aspect of digital risk is perhaps the fact that it can strike faster and harder than any other kind of risk, and from anywhere.

Do you digitise your business and take on all the risks that come with technology literally at the speed of light, or do you carry on as you’ve always done: slowly, carefully, with minimum dependence on modern conveniences that you – and sometimes your customers – have always been comfortable with? Can you bear the risk of being left behind? For most organisations, the answer is a resounding No – and they have embraced technology wholeheartedly, not fully appreciating its implications, and not really preparing themselves for the flip side of digitisation, which can be completely devastating when it goes wrong.

Exposure to digitisation risk is inevitable but not digitising the business may turn out to be even riskier. Businesses can protect themselves by first of all understanding their needs, and formulating their digitisation strategy accordingly. They should understand the implications of adopting certain technologies, and how this may affect other risks that the organisation will have to mitigate; they should practice selective digitisation, and not rush into putting in more “bells and whistles” before they are sure that they have a robust system in place. The focus should be on how digitisation can add value to the business while simultaneously enhancing the risk management function.

Properly applied, digitisation actually helps risk management achieve higher levels of efficiency. Given the aims of risk management, digitising the risk management function spurs the efforts of the organisation in its alignment of its strategy and objectives, besides decreasing costs and supporting compliance. Supporting risk management in this way helps to keep it relevant in a dynamic environment – but not all risk management processes and procedures need to be digitised. The organisation will have to cherry-pick what best suits its purposes, and can improve its competitiveness. But again, it needs to proceed with caution.

What should be considered when moving towards digitisation a firm’s processes, vis-a-vis its risk management function? It should look at what areas of the business have been digitised, and how exposed these are to risk. This means taking into consideration the respective surrounding environments. For instance, if the back office function is digitised and linked to suppliers’ systems for tendering or restocking purposes, access to the systems should be restricted on both sides – which requires alignment of the organisation’s system and that of its supplier(s). But this may not always be possible; the organisation is thus vulnerable in this area.

In the event of a cyberattack on either system, both parties will suffer; security, confidentiality, privacy of data and compliance will be compromised and could lead to financial loss, loss of stakeholder confidence and decreased competitiveness. This is an example of how the organisation’s efforts at upgrading its systems to improve its performance can have the opposite effect and may instead increase its vulnerability. Whilst implementing digitisation in the organisation is a substantial exercise in itself, the process is greatly facilitated if the business already has the appropriate risk management frameworks in place.

Cybersecurity is now a must-have, but ERM has demonstrated its effectiveness in managing digital risks, and has the potential to support organisations in optimising results from digitisation projects and initiatives. The nature of ERM requires its users to view risk from multiple perspectives, which is something that goes a long way when managing digital risk as well. An ERM policy and framework is capable of creating and driving digital risk awareness and encouraging the development of a risk culture across all functions and levels of an organisation. It also helps to identify challenges and shortfalls when addressing risks which are peculiar to the organisation.

All these are the necessary steps to formulating a suitable digital risk management strategy for the firm Like all strategies, to be truly effective, it has to take into consideration the realities, culture and characteristics of the organisation. It also has to look at ways of keeping them sustainable while supporting digital risk management practices that will keep the company safe. In the New Normal, conventional businesses approaches will become even more inseparable from technology, and consequently, more vulnerable to the risks inherent in it. Organisations would therefore do well to get a head start by understanding it comprehensively, and making simple, concise decisions on how future challenges will be managed.